Memory device authentication

ABSTRACT

According to one embodiment, a device includes a first data generator configured to generate a second key (HKey) by encrypting a host constant (HC) with the first key (NKey); a second data generator configured to generate a session key (SKey) by encrypting a random number (RN) with the second key (HKey); a one-way function processor configured to generate an authentication information (Oneway-ID) by processing the secret identification information (SecretID) with the session key (SKey) in one-way function operation; and a data output interface configured to output the encrypted secret identification information (E-SecretID) and the authentication information (Oneway-ID) to outside of the device.

FIELD

Embodiments described herein relate generally to a device.

BACKGROUND

In general, in fields of information security, a method using mutuallyshared secret information and an encryptor is adopted as means forcertifying one's own authenticity.

For example, in an IC card (Smart Card), etc., which are used forelectronic settlement, an ID and secret information for individualizingthe IC card are stored in an IC in the card. Further, the IC card has acipher processing function for executing authentication based on the IDand secret information.

In another example, an authentication method called Content Protectionfor Recordable Media (CPRM) is specified as means for certifyingauthenticity of an SD (registered trademark) card in protection ofcopyrighted contents.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing a configuration example of a memorysystem according to a first embodiment;

FIG. 2 is a flow chart showing an authentication flow of the memorysystem according to the first embodiment;

FIG. 3 is a diagram showing a configuration example of an encrypted FKeybundle (FKB) according to the first embodiment;

FIG. 4 is a block diagram showing a configuration example of the memorysystem according to the first embodiment;

FIG. 5 is a diagram illustrating a write process of secret informationby a NAND manufacturer according to the first embodiment;

FIG. 6 is a flow chart showing a process in FIG. 5;

FIG. 7 is a diagram illustrating a write process of FKB by a cardmanufacturer according to the first embodiment;

FIG. 8 is a flow chart showing a process in FIG. 7;

FIG. 9 is a diagram showing an authenticatee according to a firstmodification;

FIG. 10 is a block diagram showing a system downloading FKB according tothe first modification;

FIG. 11 is a flow chart showing a flow of downloading FKB according tothe first modification;

FIG. 12 and FIG. 13 are block diagrams showing a configuration exampleof a memory system according to second and third embodiments,respectively;

FIG. 14 is a flow chart showing the authentication flow of the memorysystem according to the third embodiment;

FIG. 15 is a block diagram showing a configuration example of a memorysystem according to a fourth embodiment;

FIG. 16 is a flow chart showing the authentication flow of the memorysystem according to the fourth embodiment;

FIG. 17 is a block diagram showing a configuration example of functioncontrol according to the third or fourth embodiment;

FIG. 18 is a block diagram showing an overall configuration example of aNAND chip according to a fifth embodiment;

FIG. 19 is an equivalent circuit diagram showing a configuration exampleof one block of the NAND chip in FIG. 18;

FIG. 20A, 20B, 20C, and 20D are block diagrams showing configurationexamples of a cell array according to the fifth embodiment;

FIG. 21 is a diagram showing read-only data in a ROM block according tothe fifth embodiment;

FIGS. 22, 23, 24, and 25 are block diagrams showing first, second,third, and fourth configuration examples of ECC;

FIG. 26 is a diagram showing confidential data in a confidential blockaccording to the fifth embodiment;

FIG. 27 is a diagram showing an example of an access control patternaccording to the fifth embodiment;

FIG. 28 is a block diagram showing a usage example of the access controlpattern according to the fifth embodiment;

FIG. 29 is a diagram showing a test flow according to the fifthembodiment;

FIG. 30 is a diagram showing a data erasure flow according to the fifthembodiment;

FIG. 31 is a block diagram showing a configuration example of a NANDchip according to a sixth embodiment;

FIG. 32 and FIG. 33 are diagrams showing first and second operationflows of the NAND chip according to the sixth embodiment;

FIG. 34 is a diagram showing a test flow according to the sixthembodiment;

FIG. 35 is a diagram showing an inspection flow of hidden informationaccording to the sixth embodiment;

FIGS. 36A and 36B are timing charts showing a command mapping exampleaccording to a seventh embodiment;

FIGS. 37A and 37B are timing charts showing a command mapping example(Set/Get feature commands) according to the seventh embodiment;

FIG. 38 is a diagram showing a configuration example of a memory cardaccording to an eighth embodiment;

FIG. 39 is a diagram showing a first application example to contentprotection according to the eighth embodiment;

FIG. 40 and FIG. 41 are diagrams showing first and second applicationexamples to the HDD according to the eighth embodiment;

FIG. 42, 43, and 44 are diagrams showing second, third, and fourthapplication examples to the content protection according to the eighthembodiment;

FIG. 45 is a block diagram showing a configuration example of a senseamplifier according to a second modification and a peripheral circuitthereof; and

FIG. 46 is an equivalent circuit diagram of the sense amplifier and adata cache in FIG. 45.

DETAILED DESCRIPTION

In general, according to one embodiment,

(1) A semiconductor memory device including:

a cell array including at least an ordinary area accessible from theoutside, a hidden area to which access request from the outside isrestricted, and an identification information record area in whichidentification information which defines a condition for accessing thehidden area is recorded;

an authentication circuit which performs authentication with theoutside; and

a sensing circuit which recognizes information recorded in theidentification information storage area, determines the informationrecorded in the identification information record area when an accessrequest from the outside selects the hidden area, validates an access tothe hidden area from the outside when determined that the identificationinformation is recorded, and invalidates an access to the hidden areafrom the outside when determined that the identification information isnot recorded.

(2) In the device of (1), the identification information includes bits,sub identification information items, or complementary information.

(3) In the device of (2), the sensing circuit performs a complementarydetermination for each sub identification information item, anddetermines whether complementary determination results in theidentification information are equal to or more than a predeterminednumber to determine whether the identification information is recorded.

(4) In the device of any of (1) to (3), hidden information is recordedin the hidden area by the authentication circuit.

(5) In the device of any of (1) to (4), when the access request is arequest to erase information recorded in the hidden area, the sensingcircuit performs the erasure of information recorded in the hidden areawhen determined that the identification information is recorded and doesnot perform the erasure of the information recorded in the hidden areawhen determined that the identification information is not recorded.

(6) In the device of any of (1) to (4), when the access request is arequest to write information in the hidden area, the sensing circuitperforms the writing of information in the hidden area when determinedthat the identification information is recorded and does not perform thewriting of the information in the hidden area when determined that theidentification information is not recorded.

(7) In the device of any of (1) to (4), when the access request is arequest to read information recorded in the hidden area, the sensingcircuit performs the reading of information recorded in the hidden areawhen determined that the identification information is recorded and doesnot perform the reading of information recorded in the hidden area whendetermined that the identification information is not recorded.

(8) In the device of any of (1) to (4), when the access request is arequest to erase information recorded in the ordinary area, the sensingcircuit performs the erasure of information recorded in the ordinaryarea without determining the information recorded in the identificationinformation record area.

(9) In the device of any of (1) to (4), when the access request is arequest to write information in the ordinary area, the sensing circuitperforms the writing of information in the ordinary area withoutdetermining the information recorded in the identification informationrecord area.

(10) In the device of any of (1) to (4), when the access request is arequest to read information recorded in the ordinary area, the sensingcircuit performs the reading of information recorded in the ordinaryarea without determining the information recorded in the identificationinformation record area.

(11) In the device of any of (1) to (10), the cell array includes blockswhich are minimum erasure units, at least one block is assigned to theordinary area, at least one block is assigned to the hidden area, andthe identification information record area is positioned in the blockassigned to the hidden area.

(12) In the device of (11), one block includes pages which are writingand reading units, and the identification information record area ispositioned in only one page within one block.

(13) In the device of (11), one block includes pages which are writingand reading units, and the identification information record area ispositioned in pages within one block.

(14) In the device of any of (1) to (13), the sensing circuit outputsoutside a status signal indicative of invalidation of an access to thehidden area when determined that the identification information is notrecorded.

(15) The device of (5), further including a sequence control circuitwhich controls at least erasure, writing, and reading of the cell array,wherein the sensing circuit outputs a signal indicative of invalidationof erasure to the sequence control circuit when determined that theidentification information is recorded.

(16) The device of (6), further including a sequence control circuitwhich controls at least erasure, writing, and reading of the cell array,wherein the sensing circuit outputs a signal indicative of invalidationof writing to the sequence control circuit when determined that theidentification information is recorded.

(17) The device of (7), further including a sequence control circuitwhich controls at least erasure, writing, and reading of the cell array,wherein the sensing circuit outputs a signal indicative of invalidationof reading to the sequence control circuit when determined that theidentification information is recorded.

(18) In the device of any of (15) to (17), the sequence control circuitis commonly used between the ordinary area and hidden area.

a function call unit configured to return an instruction to call thespecific function of the semiconductor memory device, when thetransmitted authentication information matches with authenticationinformation generated by the semiconductor memory device.

(19) A device to be authenticated comprising:

a first memory area being used to store a first key (NKey) and secretidentification information (SecretID) unique to the device, the firstmemory area being prohibited from being read and written from outside ofthe device at least after shipping;

a second memory area being used to store encrypted secret identificationinformation (E-SecretID) generated by encrypting the secretidentification information (SecretID), the second memory area beingrequired to be read-only from outside of the device;

a third memory area being required to be readable and writable fromoutside of the device;

a first data generator configured to generate a second key (HKey) byencrypting a host constant (HC) with the first key (NKey) in AESoperation;

a second data generator configured to generate a session key (SKey) byencrypting a random number (RN) with the second key (HKey) in AESoperation;

a one-way function processor configured to generate an authenticationinformation (Oneway-ID) by processing the secret identificationinformation (SecretID) with the session key (SKey) in one-way functionoperation; and

a data output interface configured to output the encrypted secretidentification information (E-SecretID) and the authenticationinformation (Oneway-ID) to outside of the device.

(20) A device to be authenticated comprising:

a first memory area being used to store a first key (NKey) and secretidentification information (SecretID) unique to the device, the firstmemory area being prohibited from being read and written from outside ofthe device at least after shipping;

a second memory area being used to store encrypted secret identificationinformation (E-SecretID) generated by encrypting the secretidentification information (SecretID), the second memory area beingrequired to be read-only from outside of the device;

a third memory area being required to be readable and writable fromoutside of the device;

a first data generator configured to generate a second key (HKey) byencrypting a host constant (HC) with the first key (NKey);

a second data generator configured to generate a session key (SKey) byencrypting a random number (RN) with the second key (HKey);

a one-way function processor configured to generate an authenticationinformation (Oneway-ID) by processing the secret identificationinformation (SecretID) with the session key (SKey) in one-way functionoperation; and

a data output interface configured to output the encrypted secretidentification information (E-SecretID) and the authenticationinformation (Oneway-ID) to outside of the device.

(21) A device to be authenticated comprising:

a first memory area being used to store a first key (NKey) and secretidentification information (SecretID) unique to the device;

a second memory area being used to store encrypted secret identificationinformation (E-SecretID) generated by encrypting the secretidentification information (SecretID);

a first data generator configured to generate a second key (HKey) byencrypting a host constant (HC) with the first key (NKey) in AESoperation;

a second data generator configured to generate a session key (SKey) byencrypting a random number (RN) with the second key (HKey) in AESoperation;

a one-way function processor configured to generate an authenticationinformation (Oneway-ID) by processing the secret identificationinformation (SecretID) with the session key (SKey) in one-way functionoperation; and

a data output interface configured to output the encrypted secretidentification information (E-SecretID) and the authenticationinformation (Oneway-ID) to outside of the device.

(22) A device to be authenticated comprising:

a first memory area being used to store a first key (NKey) and uniquesecret identification information (SecretID), the first memory areabeing restricted from being read and written from outside;

a second memory area being used to store encrypted secret identificationinformation (E-SecretID) generated by encrypting the secretidentification information (SecretID), the second memory area beingallowed to be read-only from outside;

a third memory area being readable and writable from outside;

a first data generator configured to generate a second key (HKey) byusing the first key (NKey);

a second data generator configured to generate a session key (SKey) byusing the second key (HKey); and

a one-way function processor configured to generate an authenticationinformation by processing the secret identification information with thesession key in one-way function operation,

wherein the encrypted secret identification information (E-SecretID) andthe authentication information (Oneway-ID) are output to outside.

(23) A device to be authenticated comprising:

a memory area being used to store a first key (NKey), unique secretidentification information (SecretID), and encrypted secretidentification information (E-SecretID), the encrypted secretidentification information (E-SecretID) being generated by encryptingthe secret identification information (SecretID), the first key (NKey)and the secret identification information (SecretID) being prohibitedfrom being read from outside, the encrypted secret identificationinformation (E-SecretID) being readable from outside;

a data generator configured to generate a session key (SKey) by using asecond key (HKey), the second key (HKey) being generated based on thefirst key (NKey); and

a one-way function processor configured to generate an authenticationinformation by processing the secret identification information(SecretID) with the session key (SKey) in one-way function operation.

(24) An authentication method comprising:

generating a second key (HKey) by processing AES operation with thefirst key (NKey), the first key being stored in a memory and beingprohibited from being read from outside;

generating a session key (SKey) by processing AES operation with thesecond key (HKey);

generating first authentication information (Oneway-ID) by processingsecret identification information (SecretID) with the session key (SKey)in one-way function operation, the secret identification information(SecretID) being stored in a memory and being prohibited from being readfrom outside;

transmitting encrypted secret identification information (E-SecretID) toan external device and receiving second authentication information(Oneway-ID) from the external device, the encrypted secretidentification information (E-SecretID) being stored in a memory andreadable, the second authentication information (Oneway-ID) beinggenerated based on the encrypted secret identification information(E-SecretID); and

determining whether the first authentication information and the secondauthentication information match.

(25) A manufacturing method of a device to be authenticated, wherein thedevice includes a first memory area which is prohibited fromdata-reading and data-writing after shipping from a memory vendor; asecond memory area which is allowed to data-read from outside aftershipping from the memory vendor; and a third memory area which isallowed to data-read and data-write from outside after sipping from thememory vendor,

the method comprising:

storing, by the memory vendor, first key (NKey) and secretidentification information unique to the device into the first memoryarea, and storing, by the memory vendor, encrypted secret identificationinformation (E-SecretID) generated by encrypting the secretidentification information (SecretID) into the second memory area; and

storing, by a vendor different from the memory vendor, a family keyblock (FKB) into the third memory area, the family key block (FKB)generating information to allow to decrypt the encrypted secretidentification information (E-SecretID).

(26) A manufacturing method of a device to be authenticated, wherein thedevice includes a first memory area which is prohibited fromdata-reading and data-writing after shipping from a first manufacturingunit; a second memory area which is allowed to data-read from outsideafter shipping from the first manufacturing unit; and a third memoryarea which is allowed to data-read and data-write from outside aftersipping from the first manufacturing unit,

the method comprising:

storing, by the memory vendor, first key (NKey) and secretidentification information unique to the device into the first memoryarea, and storing, by the memory vendor, encrypted secret identificationinformation (E-SecretID) generated by encrypting the secretidentification information (SecretID) into the second memory area; and

storing, by a second manufacturing unit, a family key block (FKB) intothe third memory area, the family key block (FKB) generating informationto allow to decrypt the encrypted secret identification information(E-SecretID).

(27) A device comprising:

a memory being used to store a host identification key (IDKey), a hostconstant (HC), and a first key (HKey), the first key (HKey) beinggenerated based on the host constant (HC);

a first generator configured to decrypt a family key block read from anexternal device with the host identification key (IDKey) to generate afamily key (FKey);

a second generator configured to decrypt encrypted secret identificationinformation (E-SecretID) read from the external device with the familykey (FKey) to generate a secret identification information (SecretID);

a third generator configured to generate a random number (RN);

a fourth generator configured to generate a session key (SKey) by usingthe first key (HKey) and the random number (RN);

a fifth generator configured to generate a first authenticationinformation (Oneway-ID) by processing the secret identificationinformation (SecretID) with the session key (SKey) in one-way functionoperation; and

a verification unit configured to determine whether the firstauthentication information (Oneway-ID) and a second authenticationinformation (Oneway-ID) match, the second authentication information(Oneway-ID) being generated by the external device with the hostconstant (HC) transmitted to the external device.

(28) A method of authenticating a device by an authenticator, wherein

the device includes

a first memory area storing first secret identification information(SecretID) unique to the device and a first key (NKey), the first memoryarea being prohibited from being read and written from outside of thedevice at least after shipment of the device, and

a second memory area storing encrypted secret identification information(E-SecretID), the second memory area being required to be read-only fromoutside of the device, and

the authenticator stores a host constant (HC), a host identification key(IDKey) hidden from outside of the authenticator, and a second key(HKey) hidden from outside of the authenticator,

the method comprising:

reading the encrypted secret identification information (E-SecretID)from the device by the authenticator;

generating second secret identification information (SecretID) bydecrypting the encrypted secret identification information (E-SecretID)by the authenticator;

generating a random number (RN) by the authenticator;

reading the host constant (HC) and the random number (RN) from theauthenticator by the device;

generating a third key (HKey′) using the host constant (HC) and thefirst key (NKey) by the device;

generating a first session key (SKey) using the third key (HKey′) andthe random number (RN) by the device;

generating a second session key (SKey′) using the second key (HKey) andthe random number (RN) by the authenticator;

generating first authentication information (Oneway-ID) by processingthe first secret information (SecretID) with the first session key(SKey) in one-way function operation by the device;

generating second authentication information (Oneway-ID′) by processingthe second secret information (SecretID) with the second session key(SKey′) in one-way function operation by the authenticator;

reading the first authentication information (Oneway-ID) from the deviceby the authenticator; and

determining whether the first authentication information (Oneway-ID) andthe second authentication information (Oneway-ID′) match by theauthenticator.

(29) A method of authenticating a first device and a second device eachother, wherein

first secret identification information (SecretID), a first key (NKey),and encrypted secret identification information (E-SecretID) are storedin the first device, the first secret identification information(SecretID) and a first key (NKey) are prohibited from being read fromoutside, and the encrypted secret identification information(E-SecretID) is readable, and

a host constant (HC), host identification key (IDKey), and a second key(HKey) are stored in the second device,

the method comprising:

generating second secret identification information (SecretID) bydecrypting the encrypted secret identification information (E-SecretID)read from the first device by the second device;

generating a random number (RN) by the second device;

generating a third key (HKey′) by using the host constant (HC) read fromthe first device and the first key (NKey) by the first device;

generating a first session key (SKey) by using the third key (HKey′) andthe random number (RN) by the first device;

generating first authentication information (Oneway-ID) by processingthe first secret information (SecretID) with the first session key(SKey) in one-way function operation by the first device;

generating a second session key (SKey′) by using the second key (HKey)and the random number (RN) by the second device;

generating second authentication information (Oneway-ID′) by processingthe second secret information (SecretID) with the second session key(SKey′) in one-way function operation by the second device; and

determining whether the first authentication information (Oneway-ID) andthe second authentication information (Oneway-ID′) match by the seconddevice.

(30) A device comprising:

a memory being used to store a host identification key (IDKey), a hostconstant (HC), and a first key (HKey), the first key (HKey) beinggenerated based on the host constant (HC);

a generator configured to decrypt encrypted secret identificationinformation (E-SecretID) read from the external device by usinginformation generated with the host identification key (IDKey) togenerate a secret identification information (SecretID);

a third generator configured to generate a random 2 number (RN);

a fourth generator configured to generate a session key (SKey) by usingthe first key (HKey) and the random number (RN);

a fifth generator configured to generate a first authenticationinformation (Oneway-ID) by processing the secret identificationinformation (SecretID) with the session key (SKey) in one-way functionoperation; and

a verification unit configured to determine whether the firstauthentication information (Oneway-ID) and a second authenticationinformation (Oneway-ID) match, the second authentication information(Oneway-ID) being generated by the external device with the hostconstant (HC) transmitted to the external device.

(31) A device comprising:

a memory being used to store a host identification key (IDKey), a hostconstant (HC), and a first key (HKey), the first key (HKey) beinggenerated based on the host constant (HC);

a first generator configured to decrypt a family key block read from anexternal device with the host identification key (IDKey) to generate afamily key (FKey);

a second generator configured to decrypt encrypted secret identificationinformation (E-SecretID) read from the external device with the familykey (FKey) to generate a secret identification information (SecretID);

a third generator configured to generate a random number (RN);

a fourth generator configured to generate a session key (SKey) by usingthe first key (HKey) and the random number (RN);

a fifth generator configured to generate a first authenticationinformation (Oneway-ID) by processing the secret identificationinformation (SecretID) with the session key (SKey) in one-way functionoperation; and

a verification unit configured to determine whether the firstauthentication information (Oneway-ID) and a second authenticationinformation (Oneway-ID) match, the second authentication information(Oneway-ID) being generated by the external device with the hostconstant (HC) transmitted to the external device.

wherein the first key (NKey) and the secret identification information(SecretID) issued by a key issuer and be stored in the memory by amemory manufacture, and the family key block (FKB) issued by the keyissuer and be stored in the memory by a card manufacture.

When a security system adopting a process of authentication isconstructed, it is necessary to assume a case in which a device whichexecutes the process of the authentication is attacked, and hiddeninformation is extracted. Therefore, the method of revoking extractedhidden information becomes important.

In the above-described CPRM or in Advanced Access Content System (ARCS)that is a copyright protection technique specified for protectingcontent recorded in a Blu-ray Disc, Media Key Block (MKB) is used forrevoking a device key that is hidden information. In another methodadopting a protocol based on public key cryptosystem, a list (RevocationList) of a public key certificate, which is paired with leaked privatekey information is used.

As an example, a system of playing back video content, which is recordedin an SD card, by software that is installed in a PC is taken. A CPRMprocess is implemented in the SD by hardware, therefore, it is verydifficult to unlawfully extract hidden information. Compared to this, inmany cases, it is easier to extract hidden information from the videoplayback software as a method of an attack. Actually, many softwareitems for unlawfully decrypting content recorded in protected DVD orBlu-ray disk have been available. In such unlawful software, hiddeninformation, which is extracted from an authentic software player, isutilized.

In addition, in some cases, it is necessary to take countermeasuresagainst card-falsifying software or a false SD card. For example, animitative SD card in disguise is produced by using hidden informationextracted from authentic software, thereby to deceitfully use anauthentic software player. For instance, a false SD card is producedsuch that an encryption key, which was used in encryption of content,can be easily read out from the false SD card. Thereby, it becomespossible to easily decrypt the video content recorded in the false SDcard, by using an authentic video recorder.

An authenticator may be provided not only as a dedicated hardware devicesuch as a consumer device, but also as a program (software) which isexecutable in a PC (personal computer) or the like, and, in some cases,the software functions as a substantial authenticator. On the otherhand, an authenticatee is, for instance, recording media or the like.The authenticatee is a device to be authenticated. For example, theauthenticatee includes a discrete device (for example, memory device), amodule (for example, a card in which the memory device is embedded), anapparatus (for example, an apparatus with built-in modules), and acombination of any of the device, the module, and the apparatus. Even inthe case where a program called “firmware” mediates in the operation ofhardware which constitutes the recording media, an important process orinformation is stored in a hidden state in hardware in the cell array.Thus, in the case where software which is executed on the PC is theauthenticator, there is concern that the tamper-resistance (theresistance to attacks) becomes lower, compared to the authenticatee suchas recording media.

Thus, there is concern that, by attacking an authenticator with a lowtamper-resistance, secret information hidden in an authenticatee with ahigh tamper-resistance is also exposed, leading to a disguise as adevice with a high tamper-resistance. To deal with such a situation, amethod of efficiently preventing unlawful use of secret information isdemanded.

In addition, in recent years, such a demand tends to be strong even inan environment in which restrictions are also imposed on circuit scales,for example, in an environment in which hardware implementation of apublic key cryptosystem process or an MKB process, which requires arelatively large circuit scale, is difficult to achieve. Therefore, amethod of efficiently preventing unlawful use of secret informationwhile controlling an increase of the circuit scale to a minimum isdemanded.

A plurality of embodiments will be described below with reference todrawings. In the description below, a memory system is taken as anexample of an authenticator, an authenticatee, and an authenticationmethod, but the embodiments are not limited to such an example. In thedescription below, common parts are denoted by like reference numeralsthroughout the drawings.

[First Embodiment]

An authenticator, an authenticatee, and an authentication methodaccording to a first embodiment will be described.

<1. Configuration example (Memory System)>

A configuration example of a memory system according to the firstembodiment will be described by using FIG. 1.

As shown in FIG. 1, the memory system according to the first embodimentincludes a NAND flash memory 10 as an authenticatee, a host device 20 asan authenticator, and a controller 19 mediating therebetween. The hostdevice 20 accesses the NAND flash memory 10 via the controller 19.

Here, a manufacturing process of a semiconductor product such as theNAND flash memory 10 will briefly be described. The manufacturingprocess of a semiconductor product can mainly divided into a preprocessto form a circuit on a substrate wafer and a postprocess to cut thewafer to individual pieces and then to perform wiring and packaging apiece in a resin.

The controller 19 is configured in various ways such being configured tobe included in the NAND flash memory 10 in the preprocess, configured tobe included in the same package in the postprocess, though not includedin the preprocess, and provided as a different chip from the NAND flashmemory 10. The description below including FIG. 1 is provided by takinga case when the controller 19 is provided as a different chip from theNAND flash memory 10 as an example.

If not mentioned specifically below, the controller 19 mediates betweenthe host device 20 and the NAND flash memory 10 in many cases toexchange data and instructions therebetween. Even in such a case, thecontroller 19 does not change intrinsic content of the above data andinstructions and thus, details may be provided below as an abbreviateddescription. Details of configuration examples of the NAND flash memory10 and the controller 19 will be provided later.

If the host device 20 is configured as dedicated hardware like aconsumer device, not only a case where the device is configured bycombining dedicated hardware with firmware to operate the dedicatedhardware, but also a case where all functions of the device are realizedby software operating in a PC can be assumed. The present embodiment canbasically be applied regardless of which configuration the host device20 adopts.

Each component and data processing shown in FIG. 1 will be describedbelow. The present embodiment shows the method of reading secretidentification information SecretID recorded in an authenticatee in astate hidden from third parties and also verifying that the data hasbeen read from an authentic authenticatee and a configuration examplewhen the method is applied to a memory system using the NAND flashmemory 10.

1-1. NAND Flash Memory

In the present embodiment, the NAND flash memory 10 is an authenticatee.

As shown in FIG. 1, the NAND flash memory 10 according to the presentembodiment includes a cell array (Cell array) 11, a data cache (DataCache) 12 disposed in a peripheral area of the cell array 11, datagenerators (Generate) 13, 14, and a one-way converter (Oneway) 15. Thedata generators (Generate) 13, 14 and the one-way converter (Oneway) 15constitute an authentication circuit 17.

The cell array 11 includes a read/write area (Read/Write area) 11-1permitted to read and write into from outside, a hidden area (Hiddenarea) 11-2 inhibited from both reading and writing into from outside,and a ROM area (ROM area) 11-3 inhibited from writing into from outside.

The read/write area (ordinary area) 11-1 is an area into which data canbe written and from which data can be read from outside the NAND flashmemory 10. In the read/write area 11-1, key management information FKBv(Family Key Block) that is an encrypted FKey bundle prepared to hideFKeyv is stored. In contrast to other data recorded in the NAND flashmemory 10, FKBv may be record when the NAND flash memory 10 isfabricated, or when the storage media for general user is fabricated byconnecting the controller to the NAND flash memory 10. Alternatively,FKBv may be downloaded from a server in accordance with a user's requestafter shipping. That is, a third memory area 11-1 is used to store afamily key block FKB including data generated by encrypting the familykey FKey with a host identification key IDKey, the third memory area11-1 being required to be readable and writable from outside of theauthenticator. Details thereof will be described below.

The key management information FKBv is information used to decrypthidden information FKeyv based on secret information IDKeyk held by thehost device 20 and index information k of the secret information IDKeyk,or information used to decrypt hidden information FKeyv based on secretinformation IDKeyk held by the host device 20 and identificationinformation of the host device 20.

The key management information FKBv is also information not onlyprepared uniquely for each of the NAND flash memories 10, but also canbe commonly attached to (can be associated with) a plurality of the NANDflash memories 10 such as the production lot unit or wafer unit of theNAND flash memories 10 in accordance with the manufacturing process.Index information v of the key management information FKBv may beidentification information or version number information of the keymanagement information FKBv.

The hidden area 11-2 is an area inhibited from both reading and writinginto from outside the NAND flash memory 10. In the hidden area 11-2,secret information NKeyi used by the NAND flash memory 10 for anauthentication process and secret identification information SecretID ofthe NAND flash memory 10 are recorded. That is, a first memory area 11-2is used to store a first key NKey and secret identification informationSecretID unique to the authenticator, the first memory area 11-2 beingprohibited from being read and written from outside of the authenticatorat least after shipping.

The ROM area 11-3 is an area inhibited from writing into from outsidethe NAND flash memory 10, but is permitted to read data therefrom. Inthe ROM area 11-3, index information v (index of FKey) to indicatehidden information FKeyv hidden by the key management information FKBv,secret identification information (SecretID) encrypted by the hiddeninformation Fkeyv (E-SecretID), and index information i (index of NKey)to indicate the secret information NKeyi are recorded. That is, a secondmemory area 11-3 is used to store an encrypted secret identificationinformation E-SecredID generated by encrypting the identificationinformation SecretID with a family key FKey, the second memory area 11-3being required to be read-only from outside of the authenticator.

In the present embodiment, data is generally recorded after an errorcorrection code being attached so that, even if an error occurs in datawhen the index information i or the index information v is recorded,correct identification information can be read. However, to simplify thedescription, error correction encoding and decoding processes are notspecifically illustrated.

Incidentally, the ROM area 11-3 may be, for example, an OTP (One TimeProgram) area into which data is permitted to write only once or anordinary area permitted to read and write into in the manufacturingprocess of the NAND flash memory 10 before being converted into aread-only area by rewriting a management flag after shipment.Alternatively, a method may be used in which the specific write commandfor accessing to the ROM area and different to the command for accessingto the normal area is prepared, and this specific write command is notprovided to the recipient of the NAND flash memory 10. In addition, theROM area may be handled as an ordinary area in the NAND flash memory 10,but the controller 19 limits functions provided to the host device 20 toreading only.

Because, as will be described below, information recorded in the ROMarea 11-3 is associated with information recorded in the hidden area11-2, if information recorded in the ROM area 11-3 is tampered with, theauthentication function of the NAND flash memory 10 cannot be made towork effectively. Therefore, there is no cause for security concern dueto tampering and thus, the ROM area 11-3 may be replaced with anordinary area in which the reading and writing data is permitted. Insuch a case, the ROM area 11-3 in FIG. 1 may be replaced with theread/write area (ordinary area) 11-1. In this connection, a portion ofdata recorded in the ROM area 11-3 may be recorded in the read/writearea (ordinary area) 11-1. For example, a configuration in which indexinformation v (index of FKey) is recorded in the read/write area(ordinary area) and encrypted secret identification information(E-SecretID) and index information v (index of FKey) are recorded in theROM area 11-3 is allowed. The above configuration examples of the ROMarea 11-3 are also applicable to the ROM area 11-3 described herein asother embodiments or modifications below.

E-SecretID is data obtained by encrypting SecretID attached uniquely toeach of the NAND flash memories 10 by FKeyv. Alternatively, the sameencrypted secret identification information may be recorded in aplurality of NAND flash memories as usage. For example, in pre-recordingcontent distribution, the same content data is recorded in NAND flashmemories in advance to sell the NAND flash memories, and the sameE-SecretID is recorded in the NAND flash memories storing the content.

The data cache 12 temporarily stores data read from the cell array 11.

The data generators 13, 14 are circuits that generate output data from aplurality of pieces of input data by a preset operation.

The data generator 13 generates secret information HKeyi,j by convertinga constant HCj received from the host device 20 by using the abovesecret information NKeyi. The data generator 14 generates a session keySKeyi,j by converting a random number RNh received from the host device20 by using the secret information HKeyi,j. The data generators 13, 14can be implemented as hardware (circuit), software, or a combination ofhardware and software.

If the data generators 13, 14 are implemented as circuits, the samecircuit as the one-way converter 15 described below, a circuit divertingthe one-way converter, or an Advanced Encryption Standard (AES)encryptor can be used to make the circuit size smaller as a whole.Similarly, the same circuit can be used repeatedly for two datagenerators illustrated as different structural elements to make the dataprocessing procedure easier to understand. In this example, aconfiguration of HKeyi,j=AES_E (NKeyi, HCj), SKeyi,j=AES_E (HKeyi,j,RNh) and the like can be adopted. That is, a first data generator 13 isconfigured to generate a second key HKey by encrypting a host constantHC with the first key NKey in AES operation. A second data generator 14is configured to generate a session key SKey by encrypting a randomnumber RN with the second key HKey in AES operation.

The one-way converter 15 performs a one-way conversion on input data andkey data input separately to output one-way converted input data. Theone-way converter 15 can be implemented as hardware (circuit), software,or a combination of hardware and software.

The one-way converter 15 converts the SecretID read from the hidden area11-2 by a one-way function using the SKeyi,j generated by the datagenerator 14 to generate one-way conversion identification informationOneway-ID (=Oneway(SKeyi,j, SecretID)). If implemented as a circuit, theone-way converter 15 can also be used by diverting the data generator 14or the like to make, as described above, the circuit size smaller as awhole. In this example, a configuration like Oneway-ID=AES_E(SKeyi,j,SecretID) (+) SecretID can be adopted. That is, one-way functionprocessor 15 is configured to generate an authentication informationOneway-ID by processing the secret identification information SecretIDwith the session key SKey in one-way function operation.

Though not shown, an output unit to output data to the host device 20via the controller 19 and like are actually arranged as structuralelements.

1-2. Host Device

In the present embodiment, the host device 20 is an authenticator.

As shown in FIG. 1, the host device 20 according to the presentembodiment includes a decrypter (Decrypt) 21, an FKB processor (ProcessFKB) 22, a memory (Memory) 23, a random number generator (RNG) 24, aselector (Select 2) 25, a data generator (Generate) 26, a one-wayconverter (Oneway) 27, and a data verification unit (Verify) 28. Inaddition, for example, an error correction processing unit and the likemay be included if necessary.

The decrypter 21 decrypts input data by using key data input separatelyto output decrypted input data. In the present embodiment, the decrypter21 reads E-SecretID from the NAND flash memory 10 via the controller 19.Then, the decrypter 21 decrypts the E-SecretID by using hiddeninformation FKey input from the FKB processor 22 (data selector 22-1)described below to output SecretID.

The FKB processor 22 decrypts key management information FKBv read fromthe NAND flash memory 10 by using secret information IDKeyk and indexinformation k of the IDKeyk hidden in the memory 23 to output generatedhidden information FKey to the decrypter 21. In the present embodiment,the FKB processor 22 includes a data selector (Select 1) 22-1 and adecrypter (Decrypt) 22-2.

The data selector 22-1 in the first stage selects data that can bedecrypted by IDKeyk hidden in the memory 23 by using index information krecorded in the memory 23 from among an encrypted FKey bundle (keymanagement information FKBv) read from the NAND flash memory 10 andoutputs the selected data to the decrypter 22-2.

The decrypter 22-2 decrypts data selected by the data selector 22-1 byusing the IDKeyk hidden in the memory 23 to output generated hiddeninformation FKey to the decrypter 21.

The memory 23 records k, IDKeyk, set of HKeyi,j (i=1, . . . , m; j is afixed value for HKeyi,j), and HCj and hides at least IDKeyk and set ofHKeyi,j (i=1, . . . , m) from outside the host device 20. The HCj is aconstant held in the host device 20 in advance to be sent to the NANDflash memory 10 when authentication is requested (Requestauthentication). Details thereof will be described below.

The random number generator 24 generates and outputs a random number RNhused for an authentication process.

The data selector 25 in the second stage selects HKeyi,j needed for theauthentication process from the set of HKeyi,j hidden by the host device20 by using index information i read from the ROM area 11-3 of the NANDflash memory 10 via the data cache 12.

The data generator 26 is an operation unit that generates output data byperforming a predetermined operation on a plurality of pieces of inputdata. In the present embodiment, the data generator 26 generates asession key SKeyi,j by converting RNh generated by the host device 20 byusing HKeyi,j hidden by the host device 20. As the data generator 26,for example, the above AES encryptor may be used.

The one-way converter 27 converts SecretID output from the decrypter 21by a one-way function using SKeyi,j output from the data generator 26 togenerate one-way conversion identification information Oneway-ID.

The data verification unit 28 compares Oneway-ID received from the NANDflash memory 10 and Oneway-ID obtained from the one-way converter 27 inthe host device 20 to see whether both Oneway-IDs match. If both valuesof the one-way conversion identification information Oneway-ID match(OK), the data verification unit 28 judges that SecretID obtained by thedecrypter 21 is an authentic ID and delivers the obtained SecretID tosubsequent processes. On the other hand, if both values thereof do notmatch (NG), the data verification unit 28 judges that the SecretID is anunlawful ID and outputs a message to that effect.

In addition, as means for revoking an unlawful host device when secretinformation held by the host device 20, for example, IDKeyk and HKeyi,jare leaked and the unlawful host device having the leaked information isproduced by an illegal manufacturer, countermeasures such as removinginformation from the key management information (FKBv) with which FKeycan be derived from IDKeyk held by the unlawful host device. Thecountermeasures will be described below in connection with thedescription with reference to FIG. 3. When taking the countermeasures,it is useful to provide association among IDKeyk, k, HKeyi,j, and HCj.This is because if there is such association, both of secret informationIDKeyk and HKeyi,j held by the unlawful host device can be identified byobserving HCj notified by the unlawful host device for authentication.Sharing information of all or a portion of HCj with IDKeyk, configuringinformation of all or a portion of HCj based on a result of anencryption process of IDKeyk, and configuring information of all or aportion of IDKeyk based on a result of an encryption process of HCj canbe adopted as methods of association. Further, it is desirable to useHKeyi,j, in addition to FKey and IDKeyk to generate key managementinformation FKBv. This will be described below in a paragraph in which aconfiguration example of FKB is described.

The secret information IDKeyk and secret information HKeyi,j arerecorded, for example, after being encrypted by a method specific to themanufacturer in an internal dedicated memory if the host device 20 is adedicated hardware device like a consumer device, held in a state thatcan be protected from an unlawful analysis by tamper resistant software(TRS) technology if the host device 20 is a program executed in a PC orthe like, or recorded in a state after measures to hide the secretinformation being taken by using the function of a security module ifthe security module is contained.

The controller (Controller) 19 performs data transfer with the hostdevice 20 by controlling the NAND flash memory 10. For example, thecontroller 19 interprets an instruction received from the host device 20and converts the instruction into an instruction conforming to theinterface specifications of the NAND flash memory 10 before sending outthe instruction to the NAND flash memory 10. The controller 19 can adoptvarious interface standards such as the SD Memory standard, SDIOstandard, and eMMC standard if necessary.

The controller 19 secures a portion of the ordinary area 11-1 to storecontrol data needed for the operation of the controller 19. Thecontroller 19 may have a function to convert a logical address receivedfrom the host device 20 into a physical address of the NAND flashmemory. The controller 19 may also have a function to perform theso-called wear leveling to make exhaustion of the cell array 11 uniform.However, at least the hidden area 11-2 is excluded from wear leveling.

The configuration example of the memory system is not limited to the onedescribed above. For example, an error correction processing unit (notshown) and other structural elements may be included if necessary.Further, there may be a plurality of pieces of secret information NKeyiheld by the NAND flash memory 10. That is, if a combination of NKeyi andindex information i corresponding thereto is defined as a slot, aplurality of slots is recorded in the NAND flash memory 10. A slotnumber is attached to each of the slots and the host device 20 readsindex information i of each slot number and selects one of the slots toperform authentication. In this case, the host device 20 notifies theNAND flash memory 10 of information corresponding to the selected slotnumber and the NAND flash memory 10 executes an authentication processby using information corresponding to the notified slot number. Further,a plurality of information slots may be held by defining all informationheld by the NAND flash memory 10 as one slot. That is, NKeyi, i, FKBv,v, SecretID, and E-SecretID are defined as one slot and a plurality ofslots is recorded in the NAND flash memory 10. A slot number is attachedto each of the slots and the host device 20 reads index information i ofeach slot number and selects one of the slots to perform authentication.In this case, the host device 20 notifies the NAND flash memory 10 ofinformation corresponding to the selected slot number and the NAND flashmemory 10 executes an authentication process by using informationcorresponding to the notified slot number.

The method by which the NAND flash memory 10 has a plurality of slots isshown above, but the method is not limited to the above one and anyconfiguration sharing a portion of information by a plurality of slotscan be adopted. For example, SecretID, E-SecretID, FKBv, and index v maybe shared by a plurality of slots while other information beingindividually held by each slot.

The method by which the NAND flash memory 10 has a plurality of slotsand slot numbers and which slot to use for authentication is notified bythe host device 20 is applicable to all other embodiments describedherein below.

<2. Authentication flow>

Next, the authentication flow of a memory system according to the firstembodiment will be described along FIG. 2.

(Step S11)

When the authentication is started (Start), the host device 20 reads anencrypted FKey bundle (FKB: Family Key Block), which is key managementinformation, and encrypted secret identification information SecretID(E-SecretID) from the NAND flash memory 10.

(Step S12)

Subsequently, the host device 20 reads encrypted hidden information FKeythat can be decrypted by the host device 20 by executing a dataselection process by the data selector (Select 1) 22-1 from the read keymanagement information FKB and also obtains hidden information FKey bydecrypting the encrypted hidden information FKey by the decrypter 22-2using hidden secret information IDKeyk. Further, the host device 20obtains secret identification information SecretID by decrypting theE-SecretID read from the NAND flash memory 10 using the obtained FKey.

(Step S13)

Subsequently, the host device 20 requests to read index information i tothe NAND flash memory 10.

(Step S14)

Subsequently, in response to the request from the host device 20, theNAND flash memory 10 loads the index information i from the cell array11 and outputs the index information i to the host device 20.

(Step S15)

Subsequently, the host device 20 generates a random number RNh neededfor an authentication request. By using RNh for the authenticationprocess, a common key that is different each time can be used with theNAND flash memory 10 for processes below.

(Step S16)

Subsequently, the host device 20 sends out a constant HCj held inadvance and the RNh to the NAND flash memory 10 along with the anauthentication request (Request authentication).

(Step S17)

Subsequently, the NAND flash memory 10 loads secret information NKeyi(i=1, . . . , m) and secret identification information SecretID from thehidden area 11-2, which are stored in the data cache 12.

(Step S18)

Subsequently, the NAND flash memory 10 generates secret informationHKeyi,j by a data generation process of the data generator 13 using thehidden secret information NKeyi and the constant HCj received from thehost device 20.

(Step S19)

Subsequently, the NAND flash memory 10 generates a session key SKeyi,j(=Generate(HKeyi,j, RNh)) by a data generation process of the datagenerator 14 using the received RNh.

(Step S20)

Subsequently, the NAND flash memory 10 generates one-way conversionidentification information Oneway-ID (=Oneway(SKeyi,j, SecretID)) byexecuting a one-way conversion process of the one-way converter 15 onthe SecretID using the SKeyi,j. The generated Oneway-ID is sent out tothe host device 20. That is, data output interface is configured tooutput the encrypted secret identification information E-SecretID, thefamily key block FKB and the authentication information Oneway-ID tooutside of the authenticator.

(StepS21)

In parallel with step S18, the host device 20 selects HKeyi,j needed foran authentication process with the NAND flash memory 10 from the set ofHKeyi,j (i=1, . . . , m) hidden in advance using the received index i.

(Step S22)

Subsequently, the host device 20 generates the SKeyi,j(=Generate(HKeyi,j, RNh)) by a data generation process of the datagenerator 26 using the selected HKeyi,j and the generated RNh.

(Step S23)

Subsequently, the host device 20 generates Oneway-ID by executing aone-way conversion process of the one-way converter 27 on the SecretIDusing the generated SKeyi,j.

(Step S24)

Subsequently, the host device 20 determines whether the Oneway-IDreceived from the NAND flash memory 10 and the Oneway-ID generated bythe host device 20 match. If both values of the Oneway-ID match (OK),the host device 20 judges that the SecretID obtained by the decrypter 21is an authentic ID and delivers the SecretID to subsequent processes. Onthe other hand, if both values thereof do not match (NG), the hostdevice 20 judges that the SecretID is an unlawful ID and outputs amessage to that effect.

With the above operation, the authentication flow according to the firstembodiment is completed (End).

If the NAND flash memory 10 has a plurality of slots as described in aconfiguration example of the memory system, the host device 20 needs tonotify the NAND flash memory 10 of the slot number used forauthentication. In such a case, the slot number may be notified in stepS16 or in a step before step S16.

<3. FKB (Family Key Block)>

Next, key management information FKB (Family Key Block) according to thefirst embodiment will be described in more detail by using FIG. 3.

To generate key management information FKB conforming to the NAND flashmemory 10 in which secret identification information SecretID isrecorded, one piece of FKeyv after another is encrypted (Encrypt) byusing one IDKeyi (i=1, . . . , n) (Set of IDKeyi's) after another assecret key information prepared in advance. That is, the key managementinformation FKB is a set of encrypted FKeyv (E-FKeyv,i)=Encrypt (IDKeyi,FKeyv) and the set of encrypted FKeyv is called an encrypted FKeybundle.

Incidentally, the configuration of the key management information FKB isnot limited to the configuration in the present embodiment. For example,in case where the specific IDKeyi is leaked, encrypted FKeyv (E-FKeyv)which can be decrypted from the leaked IDKeyi is deleted from the FKB.As a result, when the host device 20 accesses the NAND flash memory withthe newly configured FKB, the host device 20 can not obtain (decrypt)correct FKeyv and SecredID. In this manner, the function to revoke thehost device 20 holding the secret information IDKeyi can be provided.

When, as described above, IDKeyk, k, HKeyi,j, and HCj are associated,HKeyi,j may also be diverted, in addition to FKey and IDKeyk, for thegeneration of FKBv. For example, configurations such asE-FKeyv,i=Encrypt (Encrypt(IDKeyi, FKeyv), HKeyi,j), E-FKeyv,i=Encrypt(Encrypt(HKeyi,j, FKeyv), IDKeyi), and E-FKeyv,i=Encrypt(HKeyi,j,IDKeyi(+)FKeyv) may be adopted. This has the effect of preventing, whenkeys are leaked from a plurality of the host devices 20, the secret keysIDKeyi, HKeyi,j of different devices being combined. That is, by makingdecryption of FKey impossible unless IDKeyi and HKeyi,j are correctlycombined, observing HCj reveals tied HKeyi, j and further IDKeyi can beidentified so that exposed IDKeyi can be revoked.

Further, the method of generating the key management information FKB isnot limited to the method in the present embodiment. For example, thefunction to revoke the host device 20 can also be provided if the keymanagement information FKB is generated by using conventional MKB (MediaKey Block) technology used in CPRM or another MKB technology.

The MKB technology efficiently shares common secret information (MediaKey) (among devices not to be revoked) while realizing device revocationin a situation in which each of a plurality of devices has a mutuallydifferent piece of secret information and is also called BroadcastEncryption.

If the MKB technology is applied, for example, a configuration exampleof the memory system is shown like in FIG. 4. The shown memory system isdifferent from the memory system in FIG. 1 in that the FKB processor(Process FKB) 22 is shown as a superordinate concept. Also in this case,the exposed key can be identified and revoked by associating the data ofFKB decrypted based on the node number of the host device 20 that isinformation corresponding to K or IDKeyi and a host key group allocatedto the node number with HKeyi,j and HCj.

<4. Writing Secret Information and FKB>

Next, writing secret information or key management information FKB intothe NAND flash memory 10 will be described.

4-1. When Writing Secret Information or Key Management Information FKBDuring Manufacture of the NAND Flash Memory

First, a case where secret information or key management information FKBis written, for example, during manufacture of the NAND flash memory 10will be described by using FIGS. 5 and 6. The description will beprovided along the flow in FIG. 6.

A licensing administrator 40 generates data below: key managementinformation FKBv (v=1, . . . , n), hidden information FKeyv(v=1, . . . ,n), index information v (v=1, . . . , n), secret information NKeyi, andindex information i. FKBv is generated by, as described above,encrypting FKeyv. In addition, v may be a plurality of values. If, forexample, the licensing administrator 40 generates three values of 1, 2,and 3 as v, the licensing administrator 40 generates (FKB1, FKey1),(FKB2, FKey2), and (FKB3, FKey3) in accordance with the generated v.

Of the generated data, the licensing administrator 40 deliversFKeyv(v=1, . . . , n), v(v=1, . . . , n), NKeyi, i to a memory vendor30. For the delivery the data, for example, the licensing administrator40 uses safe means such as sending the data to the memory vendor 30after the data being encrypted by using a public key of the memoryvendor 30 obtained in advance.

In the memory vendor 30, there are selectors 32, 33, a generator 34, andan encryption unit 35, in addition to the NAND flash memory 10. Thememory vendor 30 further holds data 31 such as FKBv (v=1, . . . , n)delivered by the licensing administrator 40

(Step S31)

With the above configuration, the memory vendor 30 first generatesSecretID by the generator (SecretID Generator) 34.

(Step S32)

Subsequently, the memory vendor 30 that receives the data 31 selects onevalue from v by the selector 32. Further, the selector 32 selects FKeyvcorresponding to the selected v. The memory vendor 30 encrypts thegenerated SecretID to generate E-SecretID by using the selected FKeyv.

(Step S33)

Subsequently, the memory vendor 30 writes the value of v into the ROMarea 11-3 of the NAND flash memory 10 as the index information v (indexof FKey).

The memory vendor 30 also writes the value of index information i (indexof NKey) into the ROM area 11-3 of the NAND flash memory 10 and thevalue of NKeyi into the hidden area 11-2.

Further, the memory vendor 30 writes the value of SecretID into thehidden area 11-2 of the NAND flash memory 10 and the value of E-SecretIDinto the ROM area 11-3.

With the above operation, predetermined secret information and keymanagement information FKB can be written during manufacture of the NANDflash memory 10 (End). Regarding the order of writing each of the abovevalues, E-SecretID is a value obtained after an encryption process andcan be written after the encryption process by the encryption unit 35.Otherwise, there is no restriction on the order of writing operation andthe values may be written in an order different from the order of theabove example.

Further, the memory vendor 30 delivers the NAND flash memory 10 forwhich the write process is completed to a card vendor.

Thus, in the present embodiment, the NAND flash memory 10 can be assumedto be in a state in which index information v (index of FKey) or thelike is already written.

4-2. When FKB is Written by the Card Vendor

Next, a case where a card vendor 50 writes FKB will be described byusing FIGS. 7 and 8. The description will be provided along the flow inFIG. 8.

The card vendor 50 receives the NAND flash memory 10 to which thepredetermined information v and the like have been written from thememory vendor 30.

Then, the card vendor 50 manufactures storage media (here, Card) 55 forgeneral users like, for example, SD cards by connecting the controller19 that controls the NAND flash memory 10.

In the card vendor 50, there is a selector 52, in addition to thestorage media (Card) 55 and data (FKBv) 51 received from the licensingadministrator 40.

The process to write key management information FKBv by the card vendor50 is as follows.

(Step S35)

First, the card vendor 50 receives the FKBv from the licensingadministrator 40 as the data 51. For the delivery of the data 51, theabove safe means is used.

Then, the card vendor 50 reads the value of the index information vrecorded in the ROM area 11-3 of the NAND flash memory 10 into the datacache 12 or the like (via the controller 19).

(Step S36)

Subsequently, the card vendor 50 selects the FKBv corresponding to thevalue of the read index information v through the selector 52.

(Step S37)

Subsequently, the card vendor 50 writes the selected FKBv into theread/write area 11-1 of the NAND flash memory 10 via the controller 19.

<Advantageous Effects>

According to the authenticator, authenticatee and authentication methodaccording to the first embodiment, at least the following advantageouseffects (1) to (3) can be obtained.

(1) Even if secret information has leaked from the host device 20, it ispossible to prevent unlawful use of secret information of the NAND flashmemory 10 using the leaked information.

The host device 20 as an authenticator may be provided, as describedabove, not only as a dedicated hardware device such as a consumerdevice, but also, for example, as a program executable in a PC or thelike, and, in some cases, the software functions as a substantial hostdevice. On the other hand, the NAND flash memory 10 as an authenticateeis recording media. Even in the case where a program called “firmware”mediates, an important process or information is stored in a hiddenstate in hardware in the cell array 11.

Thus, there is concern that the tamper-resistance (the resistance toattacks) of software executed in a PC becomes lower, compared to therecording media. Thus, there is concern that, by attacking the hostdevice (authenticator) 20 with a low tamper-resistance, secretinformation hidden in the NAND flash memory (authenticatee) 10 with ahigh tamper-resistance is also exposed, leading to a disguise as adevice with a high tamper-resistance.

Thus, in the configuration according to the first embodiment and theauthentication method therefor, as described above, the NAND flashmemory 10 with a relatively high tamper-resistance hides first keyinformation (NKeyi) that can generate second key information (HKeyi,j)therefrom in the cell array 11. On the other hand, the host device 20hides only the second key information (HKeyi,j) that cannot generate thefirst key information (NKeyi) therefrom in the memory 23.

Thus, the NAND flash memory 10 generates the second key information(HKeyi,j) hidden by the authenticator 20 by using the constant HCjreceived from the host device 20 and the first key information (NKeyi)hidden by the NAND flash memory 10. The NAND flash memory 10 furthergenerates a session key SKeyi,j using the second key information(HKeyi,j) and the random number RNh.

The host device 20 generates a session key SKeyi,j using the second keyinformation (HKeyi,j) selected by the index information i and the randomnumber RNh. As a result, the NAND flash memory 10 and the host device 20share the same session key SKeyi,j.

Thus, in the present embodiment, the secret level of information hiddenby the NAND flash memory (authenticatee) 10 and the secret level ofinformation hidden by the host device (authenticator) 20 can be madeasymmetric. In the present embodiment, for example, the secret level ofinformation hidden by the NAND flash memory 10 with a relatively hightamper-resistance can be set higher than the secret level of informationhidden by the host device 20 with a relatively low tamper-resistance.

Thus, even if information hidden by the host device 20 has leaked, theNAND flash memory 10 cannot be “disguised” by using the leakedinformation because the secret level of information hidden by the NANDflash memory 10 with a relatively high tamper-resistance is higher.Therefore, unlawful use of secret information of the NAND flash memory10 using the leaked information can advantageously be prevented. As aresult, for example, it becomes possible to reliably determine that IDinformation read from the host device 20 is information that has beenread from the intended authenticatee 10 and to revoke unlawful usethereof by remote parties.

(2) Advantages for Implementation

In a configuration like the present embodiment, as described above,restrictions are also imposed on circuit scales, for example, in anenvironment in which hardware implementation of a public keycryptosystem process or an MKB process, which requires a relativelylarge circuit scale, is difficult to achieve. That is, a relativelylarge scale circuit is required for a public key cryptosystem process oran MKB process. On the other hand, a circuit area has been limited andhardware implementation has been difficult.

However, according to the present embodiment, though the key informationis asymmetric, there is no need to use the public key cryptosystemprocess requiring a relatively large circuit scale. Further, by makingthe secret levels of information hidden by the host device(authenicator) 20 and the NAND flash memory (authenticatee) 10asymmetric as described above, authentication means is implemented bywhich with information leaked from one device alone, the other devicecannot be disguised and the session key SKeyi,j is shared by theauthenticator 20 and the authentacee 10.

Thus, implementation can be said to be advantageous even in a severeenvironment in which the above restrictions are imposed. Further, asdescribed above, the circuit scale can be further reduced by sharing thedata generator and encryptor in a memory system as the same process.

(3) The Manufacturing Process can Advantageously be Simplified andManufacturing Costs can be Reduced.

The NAND flash memory 10 according to the present embodiment includes inthe read/write area 11-1 key management information (FKBv) attacheduniquely to each of the NAND flash memories 10 in accordance with usesthereof or commonly to a plurality of the NAND flash memories 10 inunits of the production lot or the like. Further, the NAND flash memory10 according to the present embodiment includes in ROM area 11-3encrypted secret identification information (E-SecretID) attacheduniquely to each of the NAND flash memories 10.

If the key management information (FKBv) is made common in units of theproduction lot, unique information that needs to be recorded in each ofthe NAND flash memories 10 can be reduced to small data in data sizesuch as the encrypted secret identification information (E-SecretID). Inother words, the data size of unique encrypted secret identificationinformation (E-SecretID) to be written into the NAND flash memories 10can be reduced by dividing information to be written into commonlyattached key management information (FKBv) and unique encrypted secretidentification information (E-SecretID) and encrypting the informationin two stages.

For example, as shown in FIGS. 5 and 6 above, the memory vendor 30writes unique information (E-SecretID) into each of the NAND flashmemories 10 received from the licensing administrator 40 duringmanufacture of the NAND flash memories.

The encrypted key management information (FKBv) commonly attached to theNAND flash memories 10 can commonly be written into the NAND flashmemories 10 by the card vendor 50. For example, as shown in FIGS. 7 and8 above, the card vendor 50 writes the common key management informationFKBv to each of the NAND flash memories 10 received from the licensingadministrator 40. Thus, the size of unique data that must be writteninto each of the NAND flash memories 10 by the memory vendor 30 can bereduced.

If information unique to the NAND flash memory 10 and whose data size islarge is written during manufacture of the NAND flash memories 10, themanufacturing process will be more complex and the manufacturing timewill be longer, leading to increased costs of manufacturing. Accordingto the configuration and method in the present embodiment, however, sucha complex manufacturing process becomes unnecessary by dividinginformation to be written into commonly attached key managementinformation FKBv and unique encrypted secret identification information(E-SecretID) and encrypting the information in two stages and therefore,the manufacturing process can advantageously be simplified andmanufacturing costs can be reduced. Moreover, the manufacturing time canbe shortened, offering advantages of being able to reduce powerconsumption.

Also on the side of the host device 20, advantages similar to those ofthe NAND flash memory 10 can be gained by adopting a configuration ofgenerating E-SecretID by encrypting SecretID, which is a unique value tothe NAND flash memory, by using hidden information FKey and furthergenerating key management information FKB by encrypting FKey usingIDKeyk.

[First Modification (when Fkb is Downloaded and Written Later)]

An authenticator, an authenticatee, and an authentication methodaccording to a first modification will be described. In the description,overlapping points with the first embodiment will be omitted.

<Writing FKB>

Writing an encrypted FKey bundle (FKB) will be described.

The process in the first modification is a process that is notparticularly needed if the encrypted FKey bundle (FKB) is written duringmanufacture of the NAND flash memory 10. However, the process relates toa write process of FKB needed when the NAND flash memory 10 and thecontroller 19 are connected and the NAND flash memory 10 is acquired bya general user as, for example, an SD card and FKB is written later onthe market when the card is used.

FIG. 9 shows a state in which the key management information FKB is, asdescribed above, recorded in the unrecorded storage media (Card) 55.

As shown in FIG. 9, the NAND flash memory 10 has NKeyi and SecretIDrecorded in the hidden area 11-2. Index information i needed to identifythe NKeyi, index information v needed to identify FKB, and SecretID(E-SecretID) encrypted by FKeyv specified by the index information v arerecorded in the ROM area 11-3.

The first modification is different from the first embodiment in thatthe FKB, which is an encrypted FKey bundle, is not recorded in theread/write area 11-1.

Next, a case where the FKB is, as described above, downloaded from aserver and recorded in the unrecorded storage media 55 will be describedby using FIG. 10.

In this case, as shown in FIG. 9, the data cache 12 is arranged in theNAND flash memory 10 if necessary.

A server 70 according to the present embodiment includes an FKB database (Set of FKBi's (i=1, . . . , x)) 71 and a selector 72 to selectFKBv based on index information v.

The server 70 and the memory system (the NAND flash memory 10, thecontroller 19, and the host device 20) are electrically connected forcommunication via an Internet 60.

The host device 20 includes a function to determine whether it isnecessary to newly write FKB and to request FKB from the server ifnecessary.

<FKB Write Flow>

Next, the flow to download an encrypted FKeyID bundle (FKB) from theserver 70 and to write the FKB into the NAND flash memory 10 will bedescribed along FIG. 11.

(Step S41)

First, as shown in FIG. 11, when the host device 20 determines that itis necessary to download FKB, FKB writing is started and the host device20 issues an FKB request to the server 70.

(Step S42)

Subsequently, the server 70 requests index information v needed toidentify FKeyv from the NAND flash memory 10.

(Step S43)

Subsequently, the NAND flash memory 10 reads v from the ROM area 11-3and sends out v to the server.

(Step S44)

Subsequently, the server 70 selects FKBv corresponding to the received vfrom the FKB database 71.

(Step S45)

Subsequently, the server 70 sends out the selected FKBv to the NANDflash memory 10.

(Step S46)

Subsequently, the NAND flash memory 10 writes the received FKBv into theread/write area 11-1 for recording.

With the above operation, the download flow of the encrypted FKey bundle(FKB) according to the first modification is completed. (End).

Other configurations and operations are substantially the same as thosein the first embodiment.

<Advantageous Effects>

According to the authenticator, authenticatee and authentication methodaccording to the first modification, at least the advantageous effects(1) to (3) similar to those in the first embodiment can be obtained.

Further, according to the first modification, the present embodiment canbe applied if necessary when FKB is written later.

[Second Embodiment]

Next, a second embodiment will be described. In the description,overlapping points with the first embodiment will be omitted.

In the first embodiment, after the authentication of the NAND flashmemory 10 by the host device 20 is successfully completed, both shareSecretID. As a process after the authentication, for example, the hostdevice 20 encrypts content and writes the encrypted content into theNAND flash memory 10. For this process, using the shared SecretID can beconsidered.

The present embodiment intends to protect SecretID even in such aprocess. Thus, in the description, overlapping points with the firstembodiment will be omitted.

<Memory System>

A memory system according to the second embodiment is shown as in FIG.12.

As shown in FIG. 12, the memory system according to the presentembodiment is different from that in the first embodiment in that thesystem further includes a one-way converter (Oneway) 27B, a switch unit29, and information (ASSV) commonly held by all host devices 20 handlingtarget content.

The switch unit 29 turns on a signal path to output SecretID to theone-way converter 27B if a determination result when both values ofOneway-ID match in a data verification unit (Verify) 28 (OK) is input asa control signal.

The one-way converter (Oneway) 27B converts SecretID input from theswitch unit 29 by a one-way function using the information (ASSV)commonly held by all host devices handling target content to generateone-way conversion identification information EMID(EMID=Oneway(SecretID,ASSV)).

Thus, in the second embodiment, after SecretID being verified by thehost device 20, the host device 20 converts SecretID using ASSV commonlyheld by all intended host devices to calculate EMID. Thus, the hostdevice 20 can execute the process of content encryption and the like byusing EMID, instead of SecretID.

Other configurations and operations are substantially the same as thosein the first embodiment and thus, a detailed description thereof isomitted.

<Advantageous Effects>

According to the authenticator, authenticatee and authentication methodaccording to the second embodiment, at least the advantageous effects(1) to (3) similar to those in the first embodiment can be obtained.

Further, the second embodiment is different from the first embodiment inthat the host device 20 further includes the information (ASSV) commonlyheld by the one-way converter (Oneway) 27B, the switch unit 29, and allhost devices handling target content.

According to the above configuration, after the secret identificationinformation SecretID being verified by the host device 20, the hostdevice 20 converts the secret identification information SecretID usingthe information (ASSV) commonly held by all intended host devices tocalculate one-way conversion identification information EMID. Thus, thehost device 20 can execute the process of content encryption and thelike by using the one-way conversion identification information EMID,instead of the secret identification information SecretID.

As a result, though not shown, the one-way conversion identificationinformation EMID can be used for content encryption in a postprocess andthus, the secret identification information SecretID can be preventedfrom being leaked in the postprocess, further advantageously increasingconfidentiality of the secret identification information SecretID.Details thereof will be described below.

[Third Embodiment]

Next, a third embodiment will be described. The third embodiment relatesto an example in which a NAND flash memory 10 authenticates a hostdevice 20. The present embodiment shows a method of reading SecretID inthe NAND flash memory 10 in a state hidden from third parties and alsoof reliably determining that the data has been read from the NAND flashmemory 10 and also a method by which the NAND flash memory 10 inspectsthe host device 20.

In the description, overlapping points with the above embodiments willbe omitted.

<Memory System>

A memory system according to the third embodiment will be described byusing FIG. 13.

As shown in FIG. 13, the present embodiment is different from the firstembodiment in that the NAND flash memory 10 further includes a functioncontroller 18, a random number generator 24 n, and a data verificationunit 28 n, and the host device 20 further includes a function call unit30.

The random number generator (RNG) 24 n generates a random number RNnused for authentication.

The data verification unit (Verify) 28 n compares Oneway-ID receivedfrom the host device 20 and Oneway-ID obtained from a one-way converter15 in the NAND flash memory 10 to see whether both Oneway-IDs match. Ifboth values match, the data verification unit 28 n determines that thehost device 20 has obtained the correct Oneway-ID (OK) and if bothvalues do not match, the data verification unit 28 n determines that thehost device 20 has not obtained the correct Oneway-ID (NG).

Only if the host device 20 obtains the correct Oneway-ID (OK), thefunction controller 18 enables a predetermined function on a memory cellarray 11 so that the predetermined function of the NAND flash memory 10is made available to the host device 20. Further, HCj received from thehost device 20 may be input to the function controller 18 so that thepredetermined function is controlled in accordance with HCj. Thepredetermined function will separately be described below.

The function call unit 30 executes the process of calling apredetermined function of the NAND flash memory 10 when the host device20 receives access permission information (labeled with “AccessPermission” in FIG. 13) indicating that the NAND flash memory 10 hasverified the authenticity of Oneway-ID generated by the host device 20.

<Authentication Flow>

Next, the authentication flow of a memory system according to the thirdembodiment will be described along FIG. 14.

(Steps S11 to S14)

As shown in FIG. 14, the same process as in the first embodiment isexecuted from the authentication start (Start) to steps S11 to S14.

(Step S51)

Subsequently, when index information i is received, the host device 20sends out a random number generation request (Request RNn) to the NANDflash memory 10.

(Step S52)

Subsequently, the NAND flash memory 10 receives the request andgenerates RNn by the random number generator 24 n. The generated RNn issent out to the host device 20.

(Steps S21 to S23)

Subsequently, the host device 20 executes a process similar to steps S21to S23 in the first embodiment.

(Step S53)

Subsequently, the host device 20 requests for an authentication (Requestauthentication) to the NAND flash memory 10 and sends out HCj andOneway-ID.

(Steps S17 to S20)

Subsequent to a process similar to steps S17 to S19 described above, instep S20, the NAND flash memory 10 executes a one-way conversion processby the one-way converter 15 on SecretID by using the generated SKeyi,jto generate Oneway-ID (=Oneway(SKeyi,j, SecretID)).

(Step S54)

Subsequently, the NAND flash memory 10 verifies that the receivedOneway-ID and generated Oneway-ID by the NAND flash memory 10 match. Ifboth Oneway-IDs match (OK), the NAND flash memory 10 determines that theSecretID is an authentic ID and if both Oneway-IDs do not match (NG),the NAND flash memory 10 determines that the SecretID is an unlawful ID.Then, the NAND flash memory 10 returns the determination result to thehost device 20 and also gives permission (Permission) of call acceptanceof a predetermined function.

(Step S55)

Subsequently, if the determination result in step S54 is a match (OK),the NAND flash memory 10 enables a predetermined function in thefunction controller 18 so that the predetermined function of the NANDflash memory 10 is made available to the host device 20.

(Step S56)

Subsequently, if the host device 20 receives access permissioninformation (Access Permission) indicating that the NAND flash memory 10has verified authenticity of Oneway-ID generated by the host device 20,the host device 20 returns an instruction to call the predeterminedfunction through the function call unit 30.

(Step S57)

Subsequently, the NAND flash memory 10 receives a function call andexecutes the process in the function controller 18 according to thefunction call instruction received from the host device 20 to return astatus (Status) of the process result.

In this case, HCj received from the host device 20 may be input to thefunction controller 18 so that the predetermined function is controlledin accordance with HCj. The predetermined function will separately bedescribed below.

<Advantageous Effects>

According to the authenticator, authenticatee and authentication methodaccording to the third embodiment, at least the advantageous effects (1)to (3) similar to those in the first embodiment can be obtained.Further, at least the following advantageous effects (4) and (5) can beobtained.

(4) The NAND flash memory 10 can authenticate the host device 20.

The present embodiment is different from the first embodiment in thatthe NAND flash memory 10 further includes the function controller 18,the random number generator 24 n, and the data verification unit 28 n,and the host device 20 further includes the function call unit 30.

Thus, according to the above configuration, the authentication functioncan be controlled in such a way that, for example, when the host device20 accesses the NAND flash memory 10, the NAND flash memory 10 providesa predetermined function only if the host device 20 is reliable enough.

Thus, according to the present embodiment, recording media such as NANDflash memories that are normally authenticatees can advantageouslyauthenticate the host device 20 the other way round.

(5) A mechanism that further controls whether to provide a predeterminedfunction in accordance with unique information (constant HCj) of theauthenticated host device 20 can advantageously be provided. Details ofthe predetermined function will be described below.

[Fourth Embodiment (Mutual Authentication)]

Next, a fourth embodiment will be described. The fourth embodimentrelates to an example in which a NAND flash memory 10 and a host device20 mutually authenticate.

In the description, overlapping points with the above embodiments willbe omitted.

<Memory System>

A memory system according to the fourth embodiment will be described byusing FIG. 15.

As shown in FIG. 15, the present embodiment includes a configurationsubstantially combining a memory system according to the firstembodiment and a memory system according to the third embodiment.

More specifically, the NAND flash memory 10 and the host device 20include random number generators 24 n, 24 h, generators 14-2, 26-2,one-way converters 15-2, 26-2, and data verification units 28 n, 28 h.Further, the present embodiment is different from the third embodimentin that the host device 20 further includes a switch unit 29B.

The operation of each of the configurations is the same as in the aboveembodiments.

<Authentication Flow>

Next, the authentication flow of a memory system according to the fourthembodiment will be described along FIG. 16. In principle, theauthentication flow according to the present embodiment performs anauthentication operation (the host device authenticates the NAND flashmemory) according to the first embodiment and then performs anauthentication operation (the NAND flash memory authenticates the hostdevice) according to the third embodiment.

(Steps S11 to S24)

As shown in FIG. 15, when the authentication is started (Start), firstthe host device 20 authenticates the NAND flash memory 10 by followingsteps S11 to S24 similar to those in the first embodiment.

At this point, similar authentication is performed by using a randomnumber RNh generated by the random number generator 24 h.

(Steps S51 to S70)

Subsequently, if the determination result in step S24 is a match (OK),the authentication of the NAND flash memory 10 is determined to becompleted.

Subsequently, the NAND flash memory 10 authenticates the host device 20by following steps S51 to S70 similar to those in the third embodiment.

At this point, similar authentication is performed by using a randomnumber RNn generated by the random number generator 24 n.

With the above steps, the authentication operation according to thefourth embodiment is completed (End).

<Configuration Example of the Function Control>

Next, a configuration example of the function control will be describedby using FIG. 17.

The function control is a control method of a predetermined functionaccording to the third and fourth embodiments by which, when the NANDflash memory 10 is an authenticator and the host device 20 is anauthenticatee, the NAND flash memory 10 authenticates the host device 20and provides the predetermined function to the host device 20 based onthe authentication result.

The configuration of the function control shown in FIG. 17 is includedin each of the NAND flash memories 10. The function control includes afunction controller 18 included in an authentication circuit 17, aparameter register 89, and a sequence control circuit 88.

The function controller 18 contained in the authentication circuit 17controls functions to provide the predetermined function to the hostdevice 20 based on an authentication result or unique information(constant HCj or the like) of the host device 20 if necessary. Thefunction controller 18 updates control parameters 890 contained in theparameter register 89 based on an authentication result or uniqueinformation of the host device 20.

The control parameters 890 in the parameter register 89 contain at leastone piece of access permission information (#0, #1, . . . , #3). Forexample, the access permission information #0 contains block addresses,page addresses, read attributes, write attributes, erase attributes, andunique information, or the like. A block address shows control of thememory cell array 11 associated with the block address. A page addressshows control of the memory cell array 11 associated with the pageaddress. A read attribute shows read permission information associatedwith a block address, or a block address and a page address. A writeattribute shows write permission information associated with a blockaddress, or a block address and a page address. An erase attribute showserase permission information associated with a block address, or a blockaddress and a page address. Unique information indicates that the accesspermission information is a control parameter of the host device 20having the specific information.

Each piece of the access permission information (#0, #1, . . . , #3)does not have to contain all the above information and may containinformation in accordance with the needed control level. For example,specific information may not be contained if the control based on theunique information (such as the constant HCj) of the host device 20 isnot needed. Further, the page address may not be contained if thecontrol in units of pages is not needed. Further, the block address maynot be contained if the control in any block address is not needed and,for example, the control is intended for a predetermined block only orthe whole NAND flash memory 10. Similarly, regarding read attributes,write attributes, and erase attributes, only those attributes offunctions that need the control may be contained.

The sequence control circuit 88 controls an operation sequence inaccordance with a command (CMD) provided by the host device 20 accordingto the control parameters 890. For a data read command, for example, thesequence control circuit 88 controls, based on read attributes of theaccess permission information in the control parameters 890, theoperation of reading (Read) data or rejecting to read data in accordancewith the provided read command. If reading is permitted in the readattributes, data can be read from a cell array 11. In addition, theabove operation example applies also to the data write operation anddata erase operation.

<Advantageous Effects>

According to the authenticator, authenticatee and authentication methodaccording to the fourth embodiment, at least the advantageous effects(1) to (5) similar to those described above can be obtained.

According to the present embodiment, the NAND flash memory 10 and thehost device 20 can mutually authenticate.

Further, the NAND flash memory 10 according to the present embodimentrealizes the function control by the configuration shown in FIG. 17. Thesequence control circuit 88 can control an operation sequence inaccordance with the provided command according to the control parameters890. Thus, the host device 20 authenticated by the NAND flash memory 10can advantageously be permitted (Process function) to execute variousfunction processes of the updated control parameters 890 based on uniqueinformation (constant HCj or the like) of the host device 20.

Further, the NAND flash memory 10 according to the present example caninclude the function control of the configuration shown in FIG. 17 alongwith the third and fourth embodiments.

[Fifth Embodiment (Configuration Example of the NAND Flash Memory)]

Next, a fifth embodiment will be described. The fifth embodiment relatesto a configuration example of a NAND flash memory 10 to which anauthentication function according to the first to fourth embodiments isapplied.

In the description, overlapping points with the above embodiments willbe omitted.

<Overall Configuration Example of the NAND Flash Memory>

An overall configuration example of the NAND flash memory 10 accordingto the fifth embodiment will be described by using FIG. 18.

As shown in FIG. 18, the NAND flash memory 10 includes a memory cellarray 11 and a peripheral circuit.

The memory cell array 11 includes a plurality of blocks BLOCK1 toBLOCKn. The configuration of each block, which will be described withreference to FIG. 19, contains a plurality of memory cell transistorsMC, word lines WL, and bit lines BL. Data in the memory cell transistorsMC in each block is erased by one operation. Data cannot be erased inunits of memory cell transistors or pages. That is, individual blocksare the minimum erasure units.

The peripheral circuit includes a sense amplifier 77, an input/outputcontrol circuit 84, and a logic control circuit 85.

The sense amplifier 77 reads data of a memory cell (memory celltransistor MC) in the memory cell array 11 via the bit line BL anddetects the state of a memory cell in the memory cell array 11 via thebit line BL.

A data cache 12 temporarily holds data read from the sense amplifier 77or data to be supplied to the sense amplifier 77.

A column decoder 75 selects the specific bit line BL, sense amplifier orthe like based on an address signal supplied via an IO terminal fromoutside the NAND flash memory 10.

A column address buffer 74 temporarily holds address signals to supplythe address signals to the column decoder 75.

A row decoder 78 receives various voltages needed for reading, writing,or erasing data from a voltage generator 86 to apply such voltages tothe specific word lines WL based on an address signal.

A row address buffer decoder 79 temporarily holds address signals tosupply the address signals to the row decoder 78.

The voltage generator 86 receives reference power supply voltages VSS,VCC, voltages VSSQ, VCCQ and the like to generate a voltage needed forwriting, reading, or erasing data from these voltages.

The input/output control circuit 84 receives various commands thatcontrol the operation of the NAND flash memory 10, address signals, andwrite data via the IO terminal and also outputs read data. Addresssignals output from the input/output control circuit 84 are latched byan address register 82. Latched address signals are supplied to thecolumn address buffer 74 and the row address buffer decoder 79. Commandsoutput from the input/output control circuit 84 are latched by a commandregister 83. A status register 81 holds various status values for theinput/output control circuit 84.

The NAND flash memory 10 receives various control signals forcontrolling a command, address, I0 terminal for data input/output, andoperation from outside as an external interface (NAND I/F). Controlsignals include, for example, a chip enable/CE, command latch enableCLE, address latch enable ALE, read enable RE and /RE, write enable WEand /WE, write protect WP, and clocks DQS, /DQS.

These control signals are received at corresponding terminals, and thentransferred to the logic control circuit 85. The logic control circuit85 controls the input/output control circuit 84 based on control signalsto permit or inhibit a signal on the terminal IO from reaching theaddress register 82, the command register 83, a page buffer 12 or thelike as a command, address, or data via the input/output control circuit84. The logic control circuit 85 also receives a latched command fromthe command register 83.

Of control signals, a WE terminal supplies a data input clock, an REterminal supplies a data output clock, a DQS terminal transmits a datainput/output clock, a CLE terminal is intended for enabling that inputdata input as a command, an ALE terminal is intended for enabling thatinputs data input as an address, and a CE terminal is intended to enableoverall functions of data input/output.

An R/B terminal indicates an internal operating state of the NAND flashmemory 10, a WP terminal transmits a write prevention signal to preventerroneous writing, and Vcc/Vss/Vccq/Vssq terminals are used to supplypower. Also in the present embodiment, a /RE terminal, /WE terminal, and/DQS terminal that transmit respective complementary signals are presentfor the RE terminal, WE terminal, and DQS terminal as terminals (Toggle)used when data transmission is realized by a high-speed interface.

The logic control circuit 85 includes a sequence control circuit 88, aparameter register 89, and an authentication circuit 17. The logiccontrol circuit 85 also manages output of a ready/busy signal (R/B).More specifically, the logic control circuit 85 outputs a busy signalwhile the NAND flash memory 10 is busy.

The sequence control circuit 88 receives a command from the commandregister 83. The sequence control circuit 88 controls the senseamplifier 77, the voltage generator 86 and the like so that the process(such as reading, writing, or erasing data) instructed by the commandcan be performed based on the received command.

The parameter register 89 holds a variety of the control parameters 890specifying the operation of the logic control circuit 85. The controlparameters 890 are referred to or updated by the sequence controlcircuit 88 and used for control of a sequence of the logic controlcircuit 85 or the input/output control circuit 84.

The authentication circuit 17 executes the process related to theauthentication. For example, as described above, the authenticationcircuit 17 also updates data, for example, rewrites the controlparameters 890 contained in the parameter register. The authenticationcircuit 17 receives a command requesting the authentication and performsa specific operation for the authentication by using specific data inthe memory cell array 11 to output the result out of the memory 10. Inthe process of executing a series of operations, the authenticationcircuit 17 permits the sequence control circuit 88 to read or writenecessary data through updates of the control parameters 890.

A ready/busy circuit (RY/BY) 87 makes a notification of an R/B signalout of the NAND flash memory 10 via a switch transistor under thecontrol of the logic control circuit 85.

<Configuration Example of the Block (BLOCK)>

Next, a configuration example of the block (BLOCK) forming the memorycell array 11 will be described by using FIG. 19. BLOCK1 in FIG. 18 istaken as an example for the description. Data in memory cells in theblock BLOCK1 is erased, as described above, by one operation and thus,the block is the unit of data erasure.

The block BLOCK1 includes a plurality of memory cell units MU arrangedin a word line direction (WL direction). The memory cell unit MUincludes a NAND string (memory cell string) formed of eight memory cellsMC0 to MC7 arranged in a bit line direction (BL direction) intersectingthe WL direction and whose current path is connected in series, a selecttransistor S1 on the source side connected to one end of the currentpath of the NAND string, and a select transistor S2 on the drain sideconnected to the other end of the current path of the NAND string.

In the present embodiment, the memory cell unit MU includes eight memorycells MC0 to MC7, but may include two memory cells or more, for example,56 or 32 memory cells and the number of memory cells is not limited to8.

The other end of the current path of the select transistor S1 on thesource side is connected to a source line SL. The other end of thecurrent path of the select transistor S2 on the drain side is connectedto a bit line BL provided above each memory cell unit MU correspondingto the memory cell unit MU and extending in the BL direction.

The word lines WL0 to WL7 extend in the WL direction to be commonlyconnected to control gate electrodes CG of a plurality of memory cellsin the WL direction. A select gate line SGS extends in the WL directionto be commonly connected to a plurality of select transistors S1 in theWL direction. A select gate line SGD also extends in the WL direction tobe commonly connected to a plurality of select transistors S2 in the WLdirection.

A page (labeled with “PAGE” in FIG. 19) exists for each of the wordlines WL0 to WL7. For example, as shown by being surrounded with abroken line in FIG. 19, page 7 (PAGE7) exists in the word line WL7.Because a data read operation or data write operation is performed foreach page (PAGE), the page (PAGE) is the data read unit and the datawrite unit.

Configuration Example of the Cell Array

Next, the structure of the memory cell array 11 will be shown by usingFIGS. 20A, 20B, 20C, and 20D.

As shown in FIG. 20A, the memory cell array 11 includes a plurality ofblocks (BLOCK) of a normal block 11-1, a hidden block 11-2, a ROM block11-3, a ROM fuse block 11-4, a protected block 11-5 and the like. Eachblock includes, as described above, a plurality of pages. Normally, datais read or written in units of pages and data is erased in units ofblocks.

As described above, both data writing and data reading are permitted tothe normal block 11-1, which is used for normal data holding. The normalblock corresponds to the above read/write area 11-1. The number ofblocks is not specifically limited.

As described above, the hidden block 11-2 and the ROM block 11-3 areapplied to the above authentication operation. The hidden block 11-2corresponds to the above hidden area 11-2. The ROM block 11-3corresponds to the above ROM area 11-3. The number of blocks is notspecifically limited in both cases.

In the present embodiment, as shown in FIG. 20B, read-only data isfurther recorded in the memory space of the ROM block 11-3.

In the present embodiment, as shown in FIG. 20C, hidden data is furtherrecorded in the memory space of the hidden block 11-2.

In the present embodiment, as shown in FIG. 20D, protected data used bythe authentication function described below is further recorded in thememory space of the protected block 11-5.

The ROM fuse block 11-4 is used, for example, for holding parameters foroperation control of the NAND flash memory 10.

<Read-Only Data in the ROM Block>

Next, read-only data in the ROM block 11-3 will be described by usingFIG. 21.

As shown in FIG. 21, read-only data is recorded in some page in thememory space of the ROM block 11-3. If read-only data is a sequence ofread-only data A to Z, FIG. 21 shows three examples of data patternsintended for error correction of data.

As shown in first data pattern, the first data pattern is an example ofrepeatedly recording the same data (A, A, . . . , B, B, . . . ). In thiscase, error corrections can be made by reading read-only data repeatedlyby the host device 20 and making a majority vote determination by anerror correction unit in the host device 20 or the like. Alternatively,error corrections can be made by reading read-only data repeatedly bythe controller 19 and making a majority vote determination by an errorcorrection unit in the controller 19 or the like. Alternatively, errorcorrections can be made by making a majority vote determination ofread-only data read repeatedly by an error correction unit in the NANDflash memory 10. For example, the number of times of repetition isdesirably 16 times or more.

As shown in a second data pattern of FIG. 21, the second data pattern isan example of repeatedly recording a complementary data pair formed ofdata (A, B, . . . ) and inverted data thereof (inversion of A, inversionof B, . . . ). In this case, error corrections can be made by readingread-only data repeatedly by the host device 20 and making a majorityvote determination in consideration of complementary data pairs by anerror correction unit in the host device 20 or the like. Alternatively,error corrections can be made by reading read-only data repeatedly bythe controller 19 and making a majority vote determination inconsideration of complementary data pairs by an error correction unit inthe controller 19 or the like. Alternatively, error corrections can bemade by making a majority vote determination in consideration ofcomplementary data pairs of read-only data read repeatedly by an errorcorrection unit in the NAND flash memory 10.

The reason why complementary data pairs are repeatedly recorded is dueto an error mode of the NAND flash memory 10. The NAND flash memory 10writes data by applying a predetermined voltage to the memory cell MC toinject electrons into a floating gate FG. Data is read by using athreshold voltage that varies depending on whether electrons are presentin the floating gate FG of the memory cell MC. Data is erased byapplying a voltage in the opposite direction of the voltage when data iswritten to extract electrons from the floating gate FG into thesubstrate. Though the amount of voltage application and a gate appliedwith the voltage in reading, writing, and erasing data are different,the voltage is applied in the memory cell MC in all these cases. Typicalerror modes of the NAND flash memory 10 caused by this principle includeread program disturb and data retention problem. Read program disturb isan error mode in which data changes due to a change of the amount ofelectrons in the floating gate FG after repeatedly reading the local oradjacent pages or writing data into adjacent pages. Thus, a state of thememory cell changes to a weak program state, increasing the thresholdvoltage in most cases. Data retention problem is an error mode in whichdata changes because electrons are drawn from the floating gate after apage once written being left for a long time. Thus, a state of thememory cell changes to a weak erasure state, decreasing the thresholdvoltage in most cases. That is, there is a general trend of increase ordecrease in these defective modes and thus, errors of data are likely tooccur in the same direction.

Thus, by recording data as complementary data as shown in second datapattern of FIG. 21, because if data is 1 (unrecorded), inverted datathereof is 0 (recorded), both pieces of data shift in the 0 direction(increase of threshold voltage) for read program disturb and converselyin the 1 direction (decrease of threshold voltage) for data retention.Thus, whether at least an error has occurred can be determined moreeasily by storing complementary data. In this case, for example, thecomplementary data pair is desirably repeated at least eight times inthe data pattern.

As shown in third data pattern of FIG. 21, the third data patters is anexample in which an error correcting code is further used in addition toread-only data (A, B, . . . Z). Because random errors occur in the NANDflash memory 10 in units of bits, for example, the BCH code, the LDPCcode or the like capable of correcting random bit errors is desirable asthe error correcting code.

In each example of the first to third data patterns, each piece of datamay be randomized. Randomize is to make data to be recorded random by amethod of, for example, calculating an exclusive OR of a generatedrandom sequence and data to be recorded to eliminate data biases. The Msequence or the like may be used as the generation method of a randomsequence.

In addition, in all examples of the first to third data patterns, eachpiece of data is recorded in a binary state. The binary state is amethod of recording data by determining whether the threshold voltage inone memory cell belongs to a high level or a low level by setting onepredetermined level as a reference and can hold information of 1 bit permemory cell. Such a recording method is generally called an SLC (SingleLevel Cell) recording. On the other hand, if data is recorded bydetermining to which level the threshold voltage in one memory cellbelongs by setting a plurality of predetermined levels as a reference,information of a plurality of bits can be held by each memory cell. If,for example, four levels to which the threshold voltage belongs forrecording, information of 2 bits can be held by each memory cell. Such arecording method is generally called an MLC (Multi Level Cell)recording. While the MLC recording can realize higher recordingdensities due to a larger recording capacity per cell, changes ofrecorded data with respect to shifts of the threshold voltage occurrelatively more easily. Thus, it is desirable to record read-only datarecorded in the ROM block 11-3 with a smaller number of bits per cellthan normal data. In MLC of 4-level recording in which the number ofbits per cell is 2, ROM data is desirably SLC-recorded. In MLC of8-level recording in which the number of bits per cell is 4, ROM data isdesirably recorded as MLC of 4-level recording in which the number ofbits per cell is 2 or SLC-recorded.

<Configuration Example of ECC>

Next, a configuration example for performing the error correcting code(ECC) correction will be described.

The first to third data structures shown in FIG. 21 described above aredifferent in a strict sense, but are considered to be correcting codesECC in a broad sense that redundancy is attached to the original data.Thus, each data structure is considered to include data and a correctingcode attached to the data. It is necessary for at least of the hostdevice 20, the controller 19, and the NAND flash memory 10 to have thecorresponding correcting function.

A first example shown in FIG. 22 is an example in which the host device20 has a correcting function (ECC decode) 90. In this case, thecontroller 19 and the NAND flash memory 10 do not execute a correctingprocess and deliver signed data (Data) to the host device 20 and thehost device 20 executes the correcting process through the correctingfunction (ECC decode) 90 to generate predetermined data (Data).

A second example shown in FIG. 23 is an example in which the controller19 has the correcting function (ECC decode) 90. In this case, the NANDflash memory 10 does not execute the correcting process and thecontroller 19 executes the correcting process and delivers correcteddata (Data) to the host device 20.

A third example shown in FIG. 24 is an example in which the NAND flashmemory 10 has the correcting function (ECC decode) 90. In this case, theNAND flash memory 10 executes the correcting process and deliverscorrected data (Data) to the host device 20 via the controller 19.

A fourth example shown in FIG. 25 is an example in which both of thecontroller 19 and the host device 20 have correcting functions 90-1,90-2. In this case, first the attached correcting code has a doublestructure and the controller 19 and the host device 20 each execute thecorrecting process of an inner code (Inner code) or outer code (Outercode).

However, the present embodiment is not limited to the above cases andthe NAND flash memory 10, the controller 19, and the host device 20 caneach correct errors while in collaboration in accordance with thecorrecting function of each.

<Hidden Data in the Hidden Block 11-2>

Next, an example of the holding state of hidden data in the hidden block11-2 will be described by using FIG. 26.

As shown in FIG. 26, hidden data is recorded in pages in the memoryspace of the hidden block 11-2. If hidden data is a sequence of A to Z,FIG. 26 shows three examples.

In a first data pattern shown in FIG. 26, a plurality of pieces ofhidden data (A, A, . . . B, B, . . . ) and an access control pattern B1are stored.

In a second data pattern shown in FIG. 26, a plurality of pieces ofhidden data (A, A, . . . B, B, . . . ), inverted data thereof, and anaccess control pattern B2 are stored.

In a third data pattern shown in FIG. 26, a plurality of pieces ofhidden data (A, B, . . . Z), an error correcting code, and an accesscontrol pattern B3 are stored.

An objective of each example is similarly an error correction. Anotherobjective is to control reading, writing, and erasure of the hiddenblock 11-2 or pages in the hidden block 11-2. Because the area recordshidden data and also holds information used only inside the NAND flashmemory 10 by the authentication circuit 17, it is necessary to inhibitall operations of reading, writing, and erasure from outside. On theother hand, in the initial stage of manufacturing the NAND flash memory10, the area is unrecorded and hidden data needs to be written in one ofthe manufacturing stages. Further, because data retention performance ofthe memory cell in the initial state may be insufficient ascharacteristics of the NAND flash memory 10, it is necessary to causethe memory cell to perform operations of reading, writing, and erasureto inspect whether the memory cell can hold data as specified.

Thus, reading, writing, and erasure can be performed on the area 11-2 inthe manufacturing stage, but it is necessary to inhibit all of reading,writing, and erasure from being performed on the area in shipment aftermanufacturing is completed. As information to cause the state change,the access control patterns B1, B2, B3 are recorded in the area 11-2.

The access control patterns B1, B2, B3 may be recorded for each page oronly in the first page of a block. The recording position of the accesscontrol patterns B1, B2, B3 in a page may be a general data area or aredundant area. The redundant area is, for example, an area used by thecontroller or the like to attach a correcting code, an area used by theNAND flash memory 10 to record information to indicate the internalstatus for each page or the like.

It is also desirable to record, like ROM data, hidden data and theaccess control patterns B1, B2, B3 in binary (SLC) mode.

Next, a configuration example of the access control pattern will beshown by using FIG. 27.

First, the access control pattern is formed of a plurality of bits toprevent losses caused by an error.

The access control pattern B1 as the first example is provided with aplurality of control flag bits A to Z, each of which is set as apredetermined pattern. If an access request of reading, writing, erasureor the like to the area is received from the host device 20, the NANDflash memory 10 checks the access control pattern B1 of the area 11-2against a predetermined pattern and inhibits access if the rate ofmatching of both is equal to a predetermined rate or more.

The access control pattern B2 as the second example is in accordancewith a method of repeatedly recording control flags. This is effectivein reducing the probability of an error of a predetermined pattern.

The access control pattern B3 as the third example is in accordance witha method of recording each control flag and inverted data of eachcontrol flag. As described above, this method is also effective inreducing the probability of an error.

<Usage Example of the Access Control Pattern>

Next, the method of sensing the access control pattern and how to usesensing results.

As shown in FIG. 28, the access pattern read from the hidden area 11-2in the memory cell array 11 is input into a pattern sensing circuit 91in the logic control circuit 85.

The pattern sensing circuit 91 executes a pattern recognition process onthe input access control pattern and determines whether the rate ofmatching is equal to a predetermined rate or more to control accessing.The rate of matching is calculated from an error probability in a memorycell array of the NAND flash memory 10 and the amount of data of accesscontrol patterns and it is desirable to set the rate of matching sothat, for example, an error detection probability becomes at least 10⁻³or less. The pattern sensing circuit 91 inputs an enable signal tocontrol data reading, data writing, and data erasure based on adetection result into the sequence control circuit 88.

The sequence control circuit 88 controls data reading, data writing, anddata erasure according to the enable signal of the sensing result.

<Test Flow>

Next, the inspection flow of the manufacturing process of the NAND flashmemory 10 using the above access control patterns (for example, B1 to B3) will be described along FIG. 29.

(Steps S71, S72)

In the manufacturing process, first data that does not correspond to theaccess control patterns is recorded in the hidden area 11-2 and tested.In this stage, access to the hidden area 11-2 is permitted.

However, any of the different security levels may be set to the area11-2 depending on whether all access of data reading, data writing, anddata erasure is permitted, data writing and data erasure are permittedor the like. If a high security level is needed for the area 11-2, evenif all access is inhibited by the access control patterns, erroneousaccess permission may be granted due to degradation of data of theaccess control patterns. In this case, hidden data may be read out andthus, even in the test process in step S71, data reading may beinhibited, that is, reading may not be permitted to the area 11-2 in thefirst place at the hard-wired level of the NAND flash memory 10.

Alternatively, if resistance to data degradation of the access controlpatterns is sufficient, for example, the access control patterns arerepeatedly recorded many times or a strong error correcting code isattached, control including data reading may be performed by the accesscontrol patterns to ensure convenience of the test. In this case, theerror detection probability shown above is still lower and, for example,10⁻⁵ or lower is desirable.

(Step S73)

Subsequently, after the predetermined test in step S72 is completed,hidden data and the access control patterns (B1 to B3 and the like) arewritten into the hidden area 11-2.

(Step S74)

Subsequently, the NAND flash memory 10 is shipped with the above datawritten.

<Flow of Data Erasure>

Next, the data erasure operation inside the NAND flash memory 10 will bedescribed along FIG. 30.

(Step S76)

First, if an operation instruction of an erasure operation is issued bythe host device 20, the NAND flash memory 10 determines whether theselected block address in the instruction is a specific block.

(Step S77)

Subsequently, if the selected block address is not a specific block(No), the NAND flash memory 10 executes a normal erasure sequence.

(Step S78)

On the other hand, if the selected block address is a specific block(Yes), the NAND flash memory 10 reads access control information (B1 toB3 or the like) from the hidden area 11-2.

(Step S79)

Subsequently, the NAND flash memory 10 senses patterns of the accesscontrol information (B1 to B3 or the like) to determine whether the rateof pattern matching is equal to a predetermined value or more.

(Step S80)

Subsequently, if the rate of pattern matching is equal to thepredetermined value or less (Yes), the NAND flash memory 10 executes anormal erasure sequence.

(Step S81)

Subsequently, if the rate of pattern matching is equal to thepredetermined value or more (No), the NAND flash memory 10 exits theerasure sequence to terminate the data erasure flow (End).

In the present embodiment, data erasure is taken as an example, but thepresent embodiment can similarly be applied to data reading and datawriting.

<Advantageous Effects>

According to the authenticator, authenticatee and authentication methodaccording to the fifth embodiment, at least the advantageous effects (1)to (5) similar to those described above can be obtained.

Further, reliability can advantageously be improved by applying theconfiguration and method in the present embodiment.

[Sixth Embodiment Example of Using the Data Cache for the AuthenticationProcess)]

A sixth embodiment relates to an example of using the data cache for theauthentication process. In the description, overlapping points with theabove embodiments will be omitted.

<Configuration Example of the Data Cache, Sense Amplifier and the Like>

A configuration example of a data cache, sense amplifier and the likeaccording to the sixth embodiment will be described by using FIG. 31.

As shown in FIG. 31, a data cache 12 of an authentication processaccording to the above embodiment is shown as a component. A NAND flashmemory 10 includes the volatile data cache 12 temporarily storing pagedata read from a memory cell array 11 or temporarily storing write pagedata received as recording data from outside. The data cache 12 in thepresent embodiment is also called a page buffer, data buffer or the likeand has an area of the normal page size or more. Further, the data cachefrequently has an area a plurality of times the page size to make areading or writing process of page data faster and to realize randompage access.

The data cache 12 includes a plurality of data caches A, B, C. Each datacache is connected to the sense amplifier (SA) and data line used forreading from the memory cell array 11.

The sense amplifier SA is electrically connected to the memory cellarray 11 via a bit line (not shown).

The latch circuits DC_A of data caches are data caches capable ofdirectly exchanging data with data lines. With IO being connected viathe data line, data in the data cache 12 can be output from the NANDflash memory 10 through DC_A and data outside the NAND flash memory 10can be loaded into the data cache.

Further, an operator connected to the data caches 12 to perform anoperation between the data caches 12 is included. The operatorcorresponds to an authentication circuit 17 used for the authenticationprocess in the above embodiments and including data generators 13, 14and a one-way circuit 15.

Further, an internal register 92 to temporarily store data is included.

In the NAND flash memory 10, in addition to the read command from thememory cell array 11, a command called register read to read data readout from the memory cell array 11 into the data cache 12 is availablefor data reading. Specifically, the data read command includes two kindsof commands; one of the commands instructs the NAND flash memory to readdata from the memory cell array to the data cache 12; another of thecommands instruct the NAND flash memory to read data from the data cache12 to outside and is referred to as “register read.”

In the authentication method, the hidden block 11-2 in the NAND flashmemory 10 may not allow hidden information (NKey, SecretID and the like)recorded in the hidden block 11-2 to be read by access from outside theNAND chip 10. On the other hand, when the NAND flash memory 10 executesan authentication process, the NAND flash memory 10 may internally readhidden information (NKey, SecretID and the like) recorded in the hiddenblock 11-2 to use the hidden information for the authentication process.That is, while it is necessary to allow hidden information (NKey,SecretID and the like) to be read from the memory cell array 11 into thedata cache 12, it is necessary to inhibit data output from the datacache 12 to the outside of the NAND flash memory 10. This corresponds torevoking the register reading.

Thus, the data reading operation when the hidden block 11-2 is accessedfrom outside the NAND flash memory 10 is made different from the normalreading operation. More specifically, when the hidden block 11-2 isaccessed, data sensed from the memory cell array 11 is locked in theother data caches DC_B, DC_C than the data cache DC_A to prevent thedata from being output to revoke the register read command so that thecommand does not work. On the other hand, if the accessed block is notthe hidden block 11-2, data is read as usual by using the data cacheDC_A.

Thus, according to the above configuration, the plurality of data cachesDC_A to DC_C is provided and the authentication process is executed byusing the data caches DC_B, DC_C that cannot be accessed by a user fromoutside. Thus, when hidden information (NKey, SecretID and the like) isused for the authentication process, hidden information such as keyinformation (NKey) can advantageously be prevented from being unlawfullyread from outside.

<First Example of NAND Internal Operation Flow in the AuthenticationProcess>

Next, a flow that does not output information held in the hidden block11-2 to the host device 20 directly or indirectly in the process of theauthentication process will be shown along FIG. 32.

(Step S82)

First, it is assumed in the authentication process that data is inputfrom outside the NAND flash memory 10 like the host device 20. The inputdata is, for example, the random number RN or the host constant HCj andthe data is loaded into the data cache DC_A.

(Step S83)

Subsequently, an indirect read request to access a special block likethe hidden block 11-2 is made from the host device 20. This correspondsto a calculation request of authentication information in theauthentication.

In response to the request, data of a confidential page read from thememory cell array 11 is read out.

(Step S84)

Subsequently, the read data of the confidential page is stored in thedata cache DC_B.

(Step S85)

Subsequently, an operation of the authentication process described inthe above embodiments is performed between data stored in the data cacheDC_A and the data cache DC_B by using the operator (authenticationcircuit 17).

(Step S86)

Subsequently, the operation result is stored in the data cache DC_C.

(Step S87)

If the confidential data remains in the data cache when the chip becomesready by completing the sequence, there is a possibility that theconfidential data may be read from outside. To prevent such apossibility, it is necessary to reset information in all the data cachesDC_A to DC_C before the sequence is completed. On the other hand, thehost device 20 needs to obtain the result of the operation after thedata caches DC_A to DC_C being reset.

Thus, the operation result held in the data cache DC_C is first copiedto the internal register 92.

(Step S88)

Subsequently, data in all the data caches DC_A to DC_C is reset (inthat, data is deleted).

(Step S89)

Subsequently, data saved in the internal register 92 is brought back tothe data cache DC_A. If the operation heretofore is completed, the NANDflash memory 10 completes the sequence to become ready. At this point,the operation result is stored in the data cache DC_A.

(Step S90)

Subsequently, the host device 20 can obtain the data stored in the datacache DC_A by the register read command.

<Second Example of NAND Internal Operation Flow in the AuthenticationProcess>

Next, a NAND internal operation flow in an embodiment including a randomnumber generator 24 n inside the NAND flash memory 10 will be describedalong FIG. 33. FIG. 33 is different from FIG. 32 in that a random numberRNn generated by the random number generator 24 n inside the NAND flashmemory 10 is used.

(Step S91)

First, in the authentication process, when a random number read requestis issued to the NAND flash memory 10 from the host device 20, the NANDflash memory 10 causes the random number generator to generate a randomnumber and the generated random number is loaded into the data cacheDC_A.

(Step S92)

Subsequently, the host device 20 reads the random number in the datacache DC_A by the register read command.

(Step S93)

Subsequently, in the authentication process, data, for example, the hostconstant (HCj) is input from the host device 20 into the NAND flashmemory 10. The data is loaded into the data cache DC_A.

Further, the authentication information which is obtained by thearithmetic operation in the host device 20 is input into the NAND flashmemory 10 from the host device 20. The data is, for example, Oneway-IDand the data is loaded into the data cache DC_A.

(Step S94)

Subsequently, an indirect read request is made from the host device 20by accessing the hidden block 11-2. This corresponds to a calculationrequest of authentication information in the authentication.

Then, a confidential page is read from the memory cell array 11.

(Step S95)

Subsequently, the read result is stored in the data cache DC_B.

(Step S96)

Subsequently, an operation of the authentication process described inthe above embodiments is performed between data stored in the data cacheDC_A and the data cache DC_B by using the operator (authenticationcircuit 17).

(Step S97)

Subsequently, the operation result is stored in the data cache DC_B.

(Step S98)

Subsequently, the operation result of the host held in the data cacheDC_A is verified against the operation result of NAND held in the datacache DC_B.

(Step S99)

Subsequently, if matching of the verification result is confirmed in theverification in step S98, control parameters (890) are updated.

(Step S100)

Subsequently, the NAND flash memory 10 resets information of all thedata caches DC_A to DC_C. If the operation heretofore is completed, theNAND flash memory 10 exits the sequence to become ready.

(Step S101)

Subsequently, the host device 20 obtains the verification result readout of the NAND chip 10 by using a command to confirm the verificationresult.

<Inspection Method of Hidden Information>

Next, the inspection method of hidden information will be described.

•Inspection Flow

The process related to the authentication method in the process fromcompletion of silicon chip in the factory to shipment of the NAND flashmemory 10 will be shown along FIG. 34.

As shown in FIG. 34, the process proceeds in the order of themanufacturing process, test, hidden data writing, and shipment.

(Steps S71, S72)

First, when the manufacturing process of silicon chip is completed, apredetermined inspection test is performed to select the conforming chip10 from the wafer.

(Step S73)

Subsequently, after the normal test process in step S72 is completed,the process of writing hidden data is executed and a test needs to beperformed to check whether the hidden data has been written correctly.

On the other hand, hidden data cannot be directly read from the hiddenblock 11-2. This is because the read function could become a securityhole.

(Step S74)

Subsequently, the NAND flash memory 10 with hidden data writtencorrectly is shipped.

•Indirect Read Inspection Flow of Hidden Information

In step S73, hidden data cannot be directly read from the hidden block11-2 from the viewpoint of possibly becoming a security hole.

Thus, a flow of checking recorded data without providing the direct datareading function will be described along FIG. 35.

(Step S111)

First, hidden information (NKey and the like) is read from the hiddenblock 11-2 of the memory cell array 11.

(Step S112)

Subsequently, the reading result of the read hidden information (NKeyand the like) is stored in the data cache DC_B.

(Step S113)

Subsequently, the data cache DC_A is caused to store the same hiddeninformation (NKey and the like) from outside the NAND flash memory 10.

(Step S114)

Subsequently, an exclusive OR of the data in the data cache DC_A and thedata in the data cache DC_B is calculated by using the operator(authentication circuit 17).

(Step S115)

Subsequently, the result of the exclusive OR is stored in the data cacheDC_C.

(Step S116)

Subsequently, data in the data cache DC_C is sensed.

(Step S117)

At this point, if the data in the data cache DC_A and the data in thedata cache DC_B match (Yes), the test is passed (OK). On the other hand,if both pieces of data mismatch (No), the test fails.

More specifically, the data cache DC_C contains the result of theexclusive OR and thus, if the data (all of the bits) in the data cacheDC_C is all “0” (Yes), the test is passed (OK). On the other hand, ifthe data in the data cache DC_C is “1” (No), the test fails.

First, whether the data in the data cache DC_C is all “0” is sensed. Ifall bits are “0” (Yes), the test is passed. Otherwise (No), the testproceeds to step S118.

(Step S118)

Subsequently, if all bits are not “0” (No), the number of “1” iscounted. If the number of “1” is equal to a specified number or less(Yes), the test is passed because errors are determined to becorrectable by a majority vote error correction or correcting code (OK).On the other hand, if the number of “1” is equal to the specified numberor more (No), the test fails (NG).

Also a method of controlling access to the hidden block 11-2 based onsecond hidden information is possible by separately holding thehard-wired second hidden information in the NAND flash memory 10 insteadof the hidden information recorded in the hidden block 11-2 by using themethod using the authentication for access control to a specific blockdescribed in the above embodiment. In this case, not only data reading,but also data writing and data erasure may be controlled by theauthentication based on the second hidden information.

<Advantageous Effects>

According to the authenticator, authenticatee and authentication methodaccording to the sixth embodiment, at least the advantageous effects (1)to (5) similar to those described above can be obtained.

Further, in the present embodiment, when the hidden block 11-2 isaccessed, data sensed from the memory cell array 11 is locked in theother data caches DC_B, DC_C than the data cache DC_A to prevent thedata from being output to revoke the register read command so that thecommand does not work. On the other hand, if the accessed block is notthe hidden block 11-2, data is read as usual by using the data cacheDC_A.

Thus, according to the above configuration, the plurality of data cachesDC_A to DC_C is provided and the authentication process is executed byusing the data caches DC_B, DC_C that cannot be accessed by a user fromoutside. Thus, when hidden information (NKey, SecretID and the like) isused for the authentication process, hidden information such as keyinformation (NKey) can advantageously be prevented from being unlawfullyread from outside.

In addition, as shown in steps S88, S100 above, hidden information suchas key information in the data caches DC_A to DC_C is all erased beforereturning from the busy state to the ready state. Thus, safety can beensured.

[Seventh Embodiment (Example of Command Mapping)]

A seventh embodiment relates to an example of command mapping. In thedescription, overlapping points with the above embodiments will beomitted.

<Example of Command Mapping Compatible with the Read/Write Commands>

A NAND flash memory 10 specifies the block to be read and the pageaddress by, for example, a command sequence of “00h”-“Address”-“30h” asa command for reading. The address portion shows frequently a blockaddress, page address, or byte position in the specific page. Input datain the column address portion may be ignored or may be used for settinga byte pointer after page reading to read data positioned from the byteposition corresponding to the byte pointer. After the command 30h isinput, the NAND flash memory 10 is in a busy state for reading andchanges to a ready state after reading is completed. After thetransition to the ready state, data output (Dout) is enabled and datacan be read by providing a signal RE or DQS. To change the byte positionin a read page, the column address corresponding to the byte position tobe read is set by using a command sequence of “05h”-“Address”-“E0h”.

A command sequence of “80h”-“Address”-“Input Data”-“10h” is used fordata writing (recording) to specify the block and page to be writteninto. The address portion shows frequently a block address, pageaddress, or byte position in the specific page. Input data for thecolumn address portion may be ignored or may be used for setting a bytepointer for page write data input to input write data positioned fromthe byte position corresponding to the byte pointer. After the command10h is input, the NAND flash memory 10 is in a busy state for writingand changes to a ready state after writing is completed.

The above is a command system widely used by the NAND flash memory 10.When implementing the authentication function according to the aboveembodiments, providing commonality of command sequences as much aspossible is preferable from the viewpoint of minimizing the packagingarea of a circuit. However, the authentication function is used infields in which security is required and thus, there is also a point ofview that limiting function users is more desirable.

Thus, FIGS. 36A and 36B show a command mapping example compatible withthe above read and write commands of the NAND flash memory 10 inconsideration of the above points of view.

The command mapping example is different from the above general commandsequence in that the input command of Security Prefix is attached priorto the command. Security Prefix configured by a single byte and by aplurality of bytes can be considered. The command Security Prefix isdisclosed to only those users who need the authentication function. Fromthe viewpoint of user management, it is desirable to configure thecommand Security Prefix by a plurality of bytes.

As shown in FIG. 36A, like a data read command sequence, the blockaddress and the page address to be read are specified by sequentiallyinputting “command Security Prefix”-“command 00h”-“address ADD”-“command30h” into the IO terminal. The value set to Address may further be madea special value for user management or an internally ignored value.

Subsequently, after the command 30h is input, the NAND flash memory 10is in a busy state for reading and changes to a ready state afterreading is completed. After the transition to the ready state, dataoutput (Dout) is enabled and data such as index information i, v, uniqueencrypted secret identification information (E-SecretID), and commonlyattached key management information (FKB) can be read by supplying asignal RE, DQS or the like.

As shown in FIG. 36B, like a data write command sequence, target data isinput by sequentially inputting “command Security Prefix”-“command80h”-“address ADD”-“data Din (32B)”-“command 10h” into the IO terminal.The value set to Address may further be made a special value for usermanagement or an internally ignored value. The present sequence has alot in common with a write sequence, but actually data writing into acell array is not needed and the present sequence is used for input ofdata needed by the NAND flash memory 10 for calculation in theauthentication process. Examples of data needed for calculation in theauthentication process include unique information HCi of the host device20 and a random number.

Subsequently, the NAND flash memory 10 is in a busy state until thecalculation of the authentication process is completed and then changesto a ready state after the calculation is completed and security data inthe data caches DC_A to DC_C is all cleared.

As shown in FIG. 36B, after the transition to the ready state, the hostdevice 20 can acquire the result by sequentially inputting “command05h”-“address ADD”-“command E0h” into the IO terminal and specifying thecolumn address where the calculation result of the authenticationprocess is held. Oneway-ID can be cited as an example of the calculationresult of the authentication process.

<Example of Command Mapping Compatible with the Set/Get FeatureCommands>

Next, another example of the command configuration of the NAND flashmemory 10 to which the present authentication function is applied willbe shown by using FIGS. 37A and 37B.

The NAND flash memory 10 has a command called “Set Feature” to enablethe function of the memory 10 and a command called “Get Feature” to readan enabled/disabled state for the function of the memory 10. Thesecommands are used, for example, to enable input of /RE, /WE, and /DQS,which are complementary signals for high-speed data transfer.

The function of “Set Feature” is set by inputting a command sequence of“EEh”-“Address”-“Data input”. The function number is set to “Address”and parameters of the function indicated by the function number areinput into “Data input”. Then, a busy period to enable the functioncomes and with the function being enabled, a transition to a ready stateoccurs.

“Get Feature” reads an enabled/disabled state of the function byinputting a command sequence of “EFh”-“Address”-“Data output”. Thefunction number is set to “Address” and parameters of the functionindicated by the function number are output to “Data output”. A busyperiod exists between Address and Data output to internally read setparameters.

The present embodiment is an example of the command sequence divertingthese Set Feature and Get Feature.

As shown in FIG. 37A, the command sequence is like the above case, but“Address” to be specified is different. “Address” may be a single byteand a plurality of bytes. “Address” is disclosed to only those users whoneed the authentication function. From the viewpoint of user management,it is desirable to configure “Address” by a plurality of bytes. Examplesof “Data output” and “Data input” include, like those shown in FIGS. 37Aand 37B above, index information i, v.

As shown in FIG. 37B, the command sequence of “EEh”-“address ADD”-“dataDin” for data input induces execution of the authentication process atthe same time and the NAND flash memory 10 performs a calculation of theauthentication process in the busy period.

Subsequently, after the calculation is completed and security data iscleared from the data caches, the NAND flash memory 10 changes to aready state. After the transition to the ready state, the host device 20can read Oneway-ID.

<Advantageous Effects>

According to the authenticator, authenticatee and authentication methodaccording to the seventh embodiment, at least the advantageous effects(1) to (5) similar to those described above can be obtained.

Further in the present embodiment, as shown in FIGS. 36A and 36B,commonality with the command sequence of the NAND flash memory 10 can beprovided as much as possible. Thus, the packaging area of a circuit canbe minimized while taking security into consideration, which is moreeffective in implementing the authentication function according to theabove embodiments.

Also as shown in FIGS. 37A and 37B, the command called “Set Feature” toenable the function of the memory 10 and the command called “GetFeature” to read the enabled/disabled state of the function of thememory 10 can also be made common and applied if necessary.

Clearing all data of the data caches DC_A to DC_C in the timing beforereturning from the busy state to the ready state is the same as theabove case.

[Eighth Embodiment (Application Example to a Memory Card, ContentProtection, and HDD)]

An eighth embodiment relates to an application example to a memory card,content protection, and HDD. In the description, overlapping points withthe above embodiments will be omitted.

Application Example to a Memory Card

A configuration example of a memory card including a NAND flash memory10 to which the present authentication function is applied will be shownby using FIG. 38.

As shown in FIG. 38, a controller 19 is embedded in a memory card 55.The controller 19 includes a function to control the operation of theNAND flash memory 10, a function to control the interface with a hostdevice 20, and the like.

At least one of a plurality of NAND flash memory chips 10 (MCP1), (MCP2)stacked in a NAND package is included in the memory card 55. At leastone NAND flash memory chip 10 in the NAND package needs to have theauthentication function and the function to be authenticated accordingto at least one of the above embodiments. In other words, all the NANDflash memory chips 10 in the NAND package do not have to have theauthentication function and the function to be authenticated accordingto the above embodiment. Further, all NAND packages mounted on thememory card 55 do not have to have the authentication function and thefunction to be authenticated according to at least one of the aboveembodiments. For the clarification, the NAND flash memory 10 in thepresent embodiment may be referred to as a NAND package or a NAND flashmemory chip.

The controller 19 in the memory card 55 has a function to control theauthentication function and the function to be authenticated accordingto at least one of the above embodiments via a NAND interface in theNAND package. The function of the controller 19 may be a function tocontrol the authentication function and the function to be authenticatedof one of a plurality of NAND packages or a function to control theauthentication function and the function to be authenticated of each ofthe plurality of NAND packages. Further, the function of the controller19 may be a function to control the authentication function and thefunction to be authenticated of one of the NAND flash memory chips 10 inthe NAND package or a function to control the authentication functionand the function to be authenticated of each of the NAND flash memorychips 10 in the NAND package.

•First Application Example to Content Protection

A first application example to content protection of the memory card 55including the NAND flash memory 10 to which the authentication functionis applied will be shown by using FIG. 39. For the sake of simplicity,content described herein heretofore will not be described below.

The controller 19 and NAND packages (MCP1), (MCP2) are embedded in thememory card 55. The NAND packages (MCP1), (MCP2) have the authenticationfunction and the function to be authenticated according to at least oneof the above embodiments.

The host device 20 verifies the authenticity of secret identificationinformation SecretID of the NAND packages (MCP1), (MCP2) of the NANDflash memory 10 by the authentication process shown in at least one ofthe above embodiments.

After the authenticity is verified, the host device 20 executes thecalculation process of EMID by using the method described in the secondembodiment based on the secret identification information SecretID.

The NAND package (MCP2) generates binding data (labeled with “BindingData in FIG. 39) to associate EMID and content (labeled with “Content”in FIG. 39) when the content is written. Binding Data desirably containsdata on the key to encrypt/decrypt content. Binding Data is recorded inone of the NAND packages (MCP1), (MCP2) mounted on the card 55. The NANDpackage in which Binding Data is recorded may be the NAND package (MCP1)having secret identification information SecretID used for theauthentication process or the other NAND package (MCP2). FIG. 39 showsthe latter example, but the arrangement of Binding Data is not limitedto this example. The recording position of content may be similarly inany NAND package.

The relationship between the content and EMID is calculated andverified, and the content is reproduced only if the relationship isverified. The EMID is obtained by the authentication process of SecretIDand the binding data which associates EMID and content.

With the above configuration, content (Content) is associated withSecretID. Thus, an effect of invalidating reproduction of content canadvantageously be achieved even if content or Binding Data is unlawfullycopied to another memory card that does not have the same SecretID.

•First Application Example to HDD

A First example of a configuration of a hard disk drive (HDD) using theNAND flash memory 10 to which the present authentication function isapplied will be shown by using FIG. 40.

As shown in FIG. 40, at least one NAND package (MCP1) is embedded in anHDD package 200, and at least one NAND package has the authenticationfunction and the function to be authenticated according to at least oneof the above embodiments.

At least one HDD 210 is embedded in the HDD package 200.

Further, a bridge controller 190 to control the NAND package (MCP1),control the HDD 210, and control the interface with the host device isembedded. The bridge controller 190 may be configured by a singleintegrated circuit or a plurality of integrated circuits. The functionmay also be realized by combining an integrated circuit and firmware.

The authentication function and the function to be authenticated in theNAND package (MCP1) are provided to the HDD 210 as a host device via thebridge controller 190.

•Second Application Example to HDD

Another configuration example of the hard disk drive (HDD) using theNAND flash memory 10 to which the present authentication function isapplied will be shown by using FIG. 41.

As shown in FIG. 41, the HDD package 200 includes a memory card socket550 to connect the memory card 55 described above by using FIG. 38.

At least one HDD 210 is embedded in the HDD package 200. Further, thebridge controller 190 to control the memory card 55, control the HDD210, and control the interface with the host device is embedded. Thebridge controller 190 may be configured by a single integrated circuitor a plurality of integrated circuits. The function may also be realizedby combining an integrated circuit and firmware.

The authentication function and the function to be authenticated in thememory card 55 are provided to the HDD 210 as a host device via thebridge controller 190.

•Second Application Example to Content Protection

FIG. 42 shows an application example of the hard disk drive (HDD) usingthe NAND flash memory 10 to which the present authentication function isapplied to content protection. The present embodiment takes the HDDconfiguration shown in FIG. 41 as an example, but is also applicable tothe HDD configuration shown in FIG. 40.

As shown in FIG. 42, bridge controllers 190A, 190B, memory card sockets550A, 550B, and HDD 210A, 210B are embedded in HDD packages 200A, 200B,respectively.

The memory card 55 includes the authentication function and the functionto be authenticated according to at least one of the above embodiments.The host device 20 verifies the authenticity of SecretID of the NANDflash memory 10 by the authentication process shown in the aboveembodiments. After the authenticity is verified, the host device 20executes the calculation process of EMID by using the method shown inthe second embodiment based on the secret identification informationSecretID.

Binding Data to associate EMID and content (Content) is generated whenthe content is written. Binding Data desirably contains data on the keyto encrypt/decrypt content. Binding Data is recorded in one of thememory card 55 and the HDD 210A, 210B. An example in which Binding Datais recorded in the HDD 210A, 210B is shown, but the arrangement ofBinding Data is not limited to this example. The recording position ofcontent may be similarly in the memory card 55 or the HDD 210A, 210B.

The relationship between the content and EMID is calculated andverified, and the content is reproduced only if the relationship isverified. The EMID is obtained by the authentication process of SecretIDand the binding data which associates EMID and content.

The present embodiment is an example of using the authenticationfunction and the function to be authenticated included in the NAND flashmemory 10 in the memory card 55 via the card socket 550A, but is alsoapplicable to a configuration in which the NAND packages are directlyembedded in the HDD shown in FIG. 40 and the HDD directly control theNAND packages. In this case, the memory card may be replaced by the NANDpackage.

Further, as an application example applicable to an HDD having the cardsockets 550A, 550B, if a plurality of similar HDD packages exists,content recorded in any HDD can be reproduced only by moving the cardafter content and Binding Data being copied to both HDD packages.Binding Data may be recorded in the card, instead of the HDD, or inboth.

With the present configuration, content (Content) is associated with thememory card 55 or SecretID in a NAND package and thus, an effect ofinvalidating reproduction of content can be achieved even if content orBinding Data is unlawfully copied to the memory card 55 that does nothave the same SecretID.

Further, in the example in which an HDD package includes a memory socketshown in FIG. 41, the content recorded in a plurality of HDD can bereproduced only by moving a memory card. This is advantageous in termsof portability because an HDD has a large cabinet and may be installedfor stationary use compared with a memory card.

•Third Application Example to Content Protection

A third application example of the hard disk drive (HDD) using the NANDflash memory 10 to which the present authentication function is appliedwill be described by using FIG. 43. The present embodiment is an examplein which the host device 20 includes the memory card socket 550 and usesthe external HDD 210.

As shown in FIG. 43, The bridge controller 190 and the HDD 210 areembedded in the HDD package 200.

The card control function and the authentication function included inthe memory card 55 inserted into the memory card socket 550 are embeddedin the host device 20. An NAND package having the authenticationfunction and the function to be authenticated according to at least oneof the above embodiments is embedded in the memory card 55.

In the above configuration, the host device 20 verifies the authenticityof SecretID of the NAND flash memory 10 by the authentication processshown in at least one of the above embodiments.

After the authenticity is verified, the host device 20 executes thecalculation process of EMID by using the method according to the secondembodiment based on the secret identification information SecretID.

Binding Data to associate EMID and content (Content) is generated whenthe content is written. Binding Data desirably contains data on the keyto encrypt/decrypt content. Binding Data is recorded in one of thememory card 55 and the HDD 210. The latter example is shown here, butthe arrangement of Binding Data is not limited to this example. Therecording position of content may be similarly in the memory card 55 orthe HDD 210.

The relationship between the content and EMID is calculated andverified, and the content is reproduced only if the relationship isverified. The EMID is obtained by the authentication process of SecretIDand the binding data which associates EMID and content.

The present embodiment is an example of using the authenticationfunction and the function to be authenticated included in the NAND flashmemory 10 in the memory card 55 via the card socket 550, but is alsoapplicable to a configuration in which the NAND packages are directlyembedded in the host device 20 and the host device 20 directly controlsthe NAND packages. In this case, the memory card 55 may be replaced bythe NAND package.

Further, as an application example applicable to the host device 20having the card socket 550, if a plurality of the similar host devices20 exists, content can be reproduced by any of the host devices 20 byconnecting the memory card 55 and the HDD package 200 to the other hostdevice 20. Content and Binding Data may be recorded in the card 55,instead of the HDD 210, or in both.

With the present configuration, content is associated with the memorycard 55 or SecretID in a NAND package and thus, an effect ofinvalidating reproduction of content can be achieved even if content orBinding Data is unlawfully copied to the memory card that does not havethe same SecretID. Further, the content can be reproduced by a pluralityof host devices by moving the memory card 55 and the HDD 210.

•Fourth Application Example to Content Protection

An fourth application example of the hard disk drive (HDD) using theNAND flash memory 10 to which the present authentication function isapplied will be described by using FIG. 44. The present embodiment is anexample in which the host device 20 includes the memory card socket 550and further uses the built-in HDD 210.

As shown in FIG. 44, the bridge controller 190 and the HDD 210 areembedded in the HDD package 200.

The card control function and the authentication function included inthe memory card 55 inserted into the memory card socket 550 are embeddedin the host device 20. An NAND package having the authenticationfunction and the function to be authenticated according to at least oneof the above embodiments is mounted on the memory card 55.

In the above configuration, the host device 20 verifies the authenticityof SecretID of the NAND flash memory 10 by the authentication processshown in at least one of the above embodiments.

After the authenticity is verified, the host device 20 executes thecalculation process of EMID by using the method according to the secondembodiment based on the SecretID.

Binding Data to associate EMID and content (Content) is generated whenthe content is written. Binding Data desirably contains data on the keyto encrypt/decrypt content. Binding Data is recorded in one of thememory card 55 and the HDD 210. The latter example is shown here, butthe arrangement of Binding Data is not limited to this example. Therecording position of content is similarly in the memory card 55 or theHDD 210.

The relationship between the content and EMID is calculated andverified, and the content is reproduced only if the relationship isverified. The EMID is obtained by the authentication process of SecretIDand the binding data which associates EMID and content.

The present embodiment is an example of using the authenticationfunction and the function to be authenticated included in the NAND flashmemory 10 in the memory card 55 via the card socket 550, but is alsoapplicable to a configuration in which the NAND packages are directlyembedded in the host device 20, and the host device 20 directly controlsthe NAND packages. In this case, the memory card 55 may be replaced bythe NAND package.

Further, as an application example applicable to the host device 20having the card socket 550, if a plurality of the similar host devices20 exists, content can be reproduced by any of the host devices 20 byconnecting the memory card 55 and the HDD package 200 to the other hostdevice 20. Content and Binding Data may be recorded in the card 55,instead of the HDD 210, or in both.

With the present configuration, content is associated with the memorycard 55 or SecretID in a NAND package and thus, an effect ofinvalidating reproduction of content can be achieved even if content orBinding Data is unlawfully copied to the memory card that does not havethe same SecretID. Further, content can be reproduced by a plurality ofhost devices by moving the memory card 55 and the HDD 210.

[Second Modification (Another Example of Using the Data Caches)]

A second modification relates to another configuration example of usingthe data caches described in the sixth embodiment for the authenticationprocess. In the description, overlapping points with the aboveembodiments will be omitted.

<Configuration Example of the Sense Amplifier and the Peripheral CircuitThereof>

A configuration example of the sense amplifier and the peripheralcircuit thereof is shown as in FIG. 45. In the second modification, asshown in FIG. 45, data cache 12 includes data caches (latch circuits)DC_A, DC_B, DC_C, and DC_S and only DC_A is connected to a data line viaa column control circuit and is used to exchange data with units outsidethe chip. DC_S is a latch used to control the operation of the senseamplifier in accordance with data. DC_B, DC_C, and DC_S are connected inparallel with a bus (LBUS) between DC_A and the sense amplifier and usedas data caches and it is necessary to exchange data with the outside viaDC_A. The column control circuit connects DC_A associated with thecolumn address to a data line. When a NAND flash memory is used fornormal operation, the column address supplied by an address controlcircuit is used, but the address specified by an operator is used whenan authentication sequence of the present proposal is performed. Whetherto use a normal address or an address of an operator can be switched bya mode switching signal.

<Equivalent Circuit Example of the Sense Amplifier and Data Caches>

FIG. 46 shows an equivalent circuit example of a sense amplifier 77 anddata caches 12 in FIG. 45.

While certain embodiments have been described, these embodiments havebeen presented by way of example only, and are not intended to limit thescope of the inventions. Indeed, the novel embodiments described hereinmay be embodied in a variety of other forms; furthermore, variousomissions, substitutions and changes in the form of the embodimentsdescribed herein may be made without departing from the spirit of theinventions. The accompanying claims and their equivalents are intendedto cover such forms or modifications as would fall within the scope andspirit of the inventions.

What is claimed is:
 1. A memory device to be authenticated comprising: apackage including a stacked structure with multiple chips; a firstmemory area being contained in the package, the first memory area beingused to store a first key and secret identification information uniqueto the device, and the first memory area being prohibited from beingread and written from outside of the device at least after shipping; asecond memory area being contained in the package, the second memoryarea being used to store encrypted secret identification informationgenerated by encrypting the secret identification information, and thesecond memory area being required to be read-only from outside of thedevice; a third memory area being contained in the package, the thirdmemory area being required to be readable and writable from outside ofthe device; a first data generator configured to generate a second keyby encrypting a host constant with the first key; a second datagenerator configured to generate a session key by encrypting a randomnumber with the second key; a one-way function processor configured togenerate an authentication information by processing the secretidentification information with the session key in one-way functionoperation; and a data output interface configured to output theencrypted secret identification information and the authenticationinformation to outside of the device.